[CentOS] C4 - mod_authz_ldap - weird behavoir

Petr Klíma qaxi at seznam.cz
Mon Sep 26 11:03:52 UTC 2005


I have problem with mod_authz_ldap with this setup:

<Directory /var/www/html/weby_2005>
     AuthzLDAPServer 		"ldap:389"
     AuthzLDAPUserBase 		dc=group,dc=cz
     AuthzLDAPBindDN   		uid=ds,ou=People,dc=group,dc=cz
     AuthzLDAPBindPassword 	XXXXX
     AuthzLDAPUserKey 		uid
     AuthzLDAPUserScope 		subtree
     AuthzLDAPLogLevel 		debug

     # needed for user auth
     AuthzLDAPMethod ldap

    # needed for group auth
    AuthzLDAPMethod 		ldap
    AuthzLDAPGroupBase 		ou=Groups,dc=group,dc=cz
    AuthzLDAPGroupKey  		cn

    # map users to the uid uid for membership checking
    AuthzLDAPMapUserToAttr      	uid
    AuthzLDAPSetGroupAuth       	map

    # this means that the memberUid attribute must match the uid
    # (which is the result of the map operation)
    AuthzLDAPMemberKey          memberUid

     AuthType basic
     AuthName "Katalog"

     <Limit GET POST>
         deny from all
         allow from all
         #require user klima
         require valid-user
         #require group wprgs


When I use "require valid-user" or "require group wprgs" it works 
perfectly (I can login with username "klima", but "require user klima" 
it replies "Forbidden".

What is weird that it ask for password one time and then just shows 
"Forbiden" ... When I changed setting of Apache and reload it logs 
without asking passwd ... (it looks like "Iam loged but cannot login")


    Petr Klíma

    e-mail:  qaxi at seznam.cz

More information about the CentOS mailing list