"Gaël Lams" <lamsgael@gmail.com> wrote on 08/27/2007 08:31:25 AM:
On 8/23/07, Dale Schuster <Dale.Schuster@sncorp.com> wrote:
I am using mod_auth_ldap on Apache 2.0.54 and SuSE 10.1. I have things configured to authenticate to an LDAP source running on IBM Lotus Domino directory. Authentication works fine. If I configure the <Location> to require a valid-user things work fine. But, when I "require group cn=groupname" things fall apart.
Could you paste the relevant lines from your apache's configuration?
<Directory "/srv/www/secdocs/testing">
    AuthLDAPEnabled on
    AuthType Basic
    AuthName "Test Directory"
    AuthLDAPURL ldap://192.168.12.29/?cn
    AuthLDAPCompareDNOnServer off
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPRemoteUserIsDN on
    AuthLDAPGroupAttribute member
    #Require group CN=SNC
    Require valid-user
</Directory>
The agent from IBM told me that they cannot use uid for authentication, but it was working. I did change to cn instead, but things are identical either way. With the config as-is above, the site works. But, if I change the valid-user to group, it breaks.
I don't get any messages in the apache logs telling me there was an authentication failure or anything, just that
... a joint effort between me and the Notes administration team here at work, so I have very limited access to any Domino logs. However, we did get IBM involved, and we were told that Domino Directory Services is set up correctly.
I set up apache's authentication to a Domino server using LDAP 2/3 years ago and pretty much all the steps to be followed were on the apache side.
It's really strange that there is nothing on apache's error log.
Yes, that is what I thought also. When viewing the website, the authentication box just keeps popping up over and over. If I type the password in wrong, that error is noted in the error_log, and if I type an invalid username, that info is also logged. However, when I type the correct username and password, NOTHING is logged. This is understandable, because the authentication success wouldn't be logged as an error. I'm sure it's the authorization phase that is failing, but the troublesome part is no errors are reported for that phase. The page isn't served, so the access_log shows as a 401 - access denied.
Thanks,
~Dale
P.S. I didn't notice this response until you responded to my re-post. I'm sorry for re-posting, but I use Lotus Notes for e-mail and it is very difficult to keep track of these threads on such a high-volume list. I haven't been able to figure out how to get Notes to view the [opensuse] messages in a threaded view.
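The symptom described in this thread (a 401 in access_log for a request that carried credentials, with no matching error_log entry) can be separated from ordinary logged login failures by correlating the two logs. The following is an added example, not part of any message in the thread; the client address, timestamps and error text in the sample lines are constructed, and the function name and one-second matching window are assumptions.

```python
import re
from datetime import datetime

# Common Log Format (access_log) and Apache 2.0 error_log line shapes.
ACCESS_RE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>\S+) [^\]]*\] '
                       r'"(?P<req>[^"]*)" (?P<status>\d{3}) ')
ERROR_RE = re.compile(r'\[(?P<ts>[^\]]+)\] \[\w+\] \[client (?P<ip>[^\]]+)\] ')

def classify_401s(access_lines, error_lines, slack=1):
    """Label each 401: challenge, logged-failure, or silent-denial."""
    logged = {}  # client ip -> timestamps of its error_log entries
    for line in error_lines:
        m = ERROR_RE.match(line)
        if m:
            ts = datetime.strptime(m['ts'], '%a %b %d %H:%M:%S %Y')
            logged.setdefault(m['ip'], []).append(ts)
    out = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if not m or m['status'] != '401':
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S')
        # The user field on a 401 is only what the client claimed, not a
        # verified identity; it is used here as a hint that credentials came in.
        if m['user'] == '-':
            kind = 'challenge'        # no credentials sent yet
        elif any(abs((ts - t).total_seconds()) <= slack
                 for t in logged.get(m['ip'], [])):
            kind = 'logged-failure'   # error_log explains the 401
        else:
            kind = 'silent-denial'    # credentials sent, nothing logged
        out.append((m['user'], kind))
    return out

# Constructed sample lines (client address and messages are made up).
ACCESS = [
    '192.168.12.50 - - [27/Aug/2007:08:40:00 -0600] "GET /testing/ HTTP/1.1" 401 401',
    '192.168.12.50 - dale [27/Aug/2007:08:40:05 -0600] "GET /testing/ HTTP/1.1" 401 401',
    '192.168.12.50 - dale [27/Aug/2007:08:40:20 -0600] "GET /testing/ HTTP/1.1" 401 401',
    '192.168.12.50 - dale [27/Aug/2007:08:41:00 -0600] "GET /index.html HTTP/1.1" 200 512',
]
ERRORS = [
    '[Mon Aug 27 08:40:05 2007] [warn] [client 192.168.12.50] (constructed) bad password for dale',
]

if __name__ == '__main__':
    for user, kind in classify_401s(ACCESS, ERRORS):
        print(user, kind)
```

A run of silent-denial entries for one user is the pattern to look at when credentials are accepted but access is still refused.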