Monday, July 18, 2016

debian - Apache + LDAP Auth: access to / failed, reason: require directives present and no Authoritative handler



Can't solve this one, here's my .htaccess:

AuthPAM_Enabled Off

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on

AuthName "MESSAGE"
Require ldap-group cn=CHANGED, cn=CHANGED

AuthLDAPURL "ldap://localhost/dc=CHANGED,dc=CHANGED?uid?sub?(objectClass=posixAccount)"
AuthLDAPBindDN CHANGED
AuthLDAPBindPassword CHANGED
AuthLDAPGroupAttribute memberUid

AuthLDAPURL is correct; BindDN and BindPassword are also correct (verified with ldapvi -D ..).

Apache version: Apache/2.2.9 (Debian)

The error message seems cryptic to me; I have AuthzLDAPAuthoritative on, so where's the problem?



EDIT:

LDAP modules are loaded; the problem is not with them being missing.

# ls /etc/apache2/mods-enabled/*ldap*
/etc/apache2/mods-enabled/authnz_ldap.load /etc/apache2/mods-enabled/ldap.load


EDIT2:

Solved it by changing the funky

Require ldap-group cn=CHANGED, cn=CHANGED

line to

Require valid-user

Since AuthzLDAPAuthoritative is on, no other auth methods will be used, and the valid-user requirement will auth via LDAP. (Right? :/)


Answer




Your 'Require' line reads

Require ldap-group cn=CHANGED, cn=CHANGED

That doesn't look right - I don't believe you can have two cn's in a DN like that.
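Added example, not from the post or from Apache: a Python model of mod_authnz_ldap's authorization rules, run against a constructed in-memory directory. It shows that "Require valid-user" admits every account the AuthLDAPURL filter matches, while "Require ldap-group" against a posixGroup whose memberUid holds uids only matches when AuthLDAPGroupAttributeIsDN is off (Apache's default is on). The user, group and DN values are assumptions.

```python
"""Model of mod_authnz_ldap's authorization decision for an .htaccess like the
one above. Added example, not Apache's code: it reproduces the decision rules
for `Require valid-user` and `Require ldap-group` against a constructed
in-memory directory so the two requirements can be compared offline."""
from dataclasses import dataclass

# Constructed sample directory (not from the original post): two posixAccounts
# and one posixGroup that lists its members by uid in memberUid.
DIRECTORY = {
    "uid=alice,ou=People,dc=example,dc=org": {"objectClass": ["posixAccount"], "uid": ["alice"]},
    "uid=bob,ou=People,dc=example,dc=org": {"objectClass": ["posixAccount"], "uid": ["bob"]},
    "cn=webadmins,ou=Groups,dc=example,dc=org": {"objectClass": ["posixGroup"], "memberUid": ["alice"]},
}


@dataclass
class LdapAuthz:
    require: str                        # "valid-user" or "ldap-group <group DN>"
    group_attribute: str = "member"     # AuthLDAPGroupAttribute
    group_attribute_is_dn: bool = True  # AuthLDAPGroupAttributeIsDN (Apache default: on)


def find_user_dn(uid):
    """Emulate the AuthLDAPURL search ?uid?sub?(objectClass=posixAccount)."""
    for dn, attrs in DIRECTORY.items():
        if "posixAccount" in attrs["objectClass"] and uid in attrs.get("uid", []):
            return dn
    return None


def authorize(cfg, uid, password_ok):
    """Return True if the user passes authentication and the Require directive."""
    user_dn = find_user_dn(uid)
    if user_dn is None or not password_ok:
        return False  # authentication failed, so authorization never runs
    if cfg.require == "valid-user":
        return True   # any account the URL filter matches gets in
    kind, _, group_dn = cfg.require.partition(" ")
    if kind != "ldap-group":
        raise ValueError("unsupported Require directive: " + cfg.require)
    group = DIRECTORY.get(group_dn.strip())
    if group is None:
        return False  # malformed or nonexistent group DN: nobody is authorized
    # IsDN on compares the user's full DN with the group attribute values;
    # off compares the username the client typed, which is what memberUid holds.
    needle = user_dn if cfg.group_attribute_is_dn else uid
    return needle in group.get(cfg.group_attribute, [])
```

With the group requirement, bob is denied even though he authenticates; with valid-user, he is let in, which is the access widening the EDIT2 change implies.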

