[CentOS] mod_auth_ldap Apache2 on CentOS 5 and require group

Thu Apr 10 21:01:15 UTC 2008
David Hláčik <david at hlacik.eu>

Hi, all,

1) it is CentOS 5.1
2) I am sure that LDAP is working according to the error and access logs (when I
type a bad user it fails, when I type a bad password it
informs me about a password mismatch)
3) yes, it is in the correct <Location> directory
I am sending the whole config file:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.

<IfModule mod_dav_svn.c>

# - uncomment location section below and modify it according to your situation.
#    You will need to change at least the AuthLDAPURL parameter.
#
# Documentation of the LDAP module used, and its parameters, is available at
#  http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
#  http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
#
<Location /repo>
#       # enable Web DAV HTTP access methods
        DAV svn
#
#       # repository location
        SVNPath "/srv/polarion/svn/repo"
#
#       # write requests from WebDAV clients result in automatic commits
        SVNAutoversioning on
#
        AuthName "Subversion repository"
#
#       # per-directory access control
        AuthzSVNAccessFile "/srv/polarion/svn/access"
#
        AuthType Basic
        AuthBasicProvider ldap
#
#       # allow mod_authnz_ldap to decline group authentication so that Apache
#       # will fall back to file authentication for checking group membership
        AuthzLDAPAuthoritative   On
#
#       AuthLDAPURL "ldap://yourExampleServer.com:389/ou=People,o=organization.org?uid"
#
#       Require valid-user
#
        AuthLDAPURL "ldap://server/ou=Users,o=Organization?uid"
        Require ldap-group "cn=tester2,ou=Groups,o=Organization"
        #Require ldap-dn cn=Hlacik David,ou=Users,o=Organization
        AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
        AuthLDAPBindPassword svn1
</Location>

</IfModule>

2008/4/10 Jim Perrin <jperrin at gmail.com>:

> On Thu, Apr 10, 2008 at 2:35 PM, David Hláčik <david at hlacik.eu> wrote:
> > Hi, I am facing a strange problem.
> >
> > I have CentOS, I want to access svn through apache using mod auth ldap.
> >
> > This is what I have configured
> >
> >         AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
> >         AuthLDAPBindPassword Pass1
> >         AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
> >         AuthLDAPGroupAttribute member
> >         AuthLDAPGroupAttributeIsDN on
> >         Require group cn=tester2,ou=Groups,o=Organization
> >
> > What is strange?
> >
> > According to the doc it will accept only users whose DN is in group
> > cn=teste2,ou=Groups,o=Organization.
> >
> > How come, for me, it will accept every user from LDAP?
> >
> > Thanks in advance!
>
> Is this for centos 4 or centos5?
>
>
> --
> During times of universal deceit, telling the truth becomes a
> revolutionary act.
> George Orwell
>