CoSign: Collaborative Single Sign-On  
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 


mod_cosign, mod_authz_ldap and apache2



So has anyone tried to get these two modules working with an apache2
instance?

I've recently configured a mod_cosign installation with apache2 (and
it's working nicely).  But when I add the patched version of
mod_authz_ldap (using the example configs in the patch) "require group"
functionality isn't quite working yet.  In a nutshell it looks like
mod_authz_ldap isn't getting the REMOTE_USER data it needs.  I see error
messages like this in my apache error_log:

    search from 'ou=Group,dc=reed,dc=edu' for \
        '(&(member=(null))(cn=group1))'\
        returns 87 = 'Bad search filter'

In this case "group1" would be an LDAP groupofnames object (that I
specified in my .htaccess file (require group group1)), and "(null)"
should be expanded to:

    uid=REMOTE_USER,ou=people,dc=reed,dc=edu

My mod_authz_ldap configs for my testing area look like this:

    ##############################################
    # mod_authz_ldap settings
    AuthType            Cosign
    AuthzLDAPMethod     basic
    AuthzLDAPServer     ldap.reed.edu
    AuthzLDAPProtocolVersion    3

    AuthzLDAPUserBase   ou=People,dc=reed,dc=edu
    AuthzLDAPUserScope  base
    AuthzLDAPUserKey    uid

    AuthzLDAPGroupBase  ou=Group,dc=reed,dc=edu
    AuthzLDAPGroupScope subtree
    AuthzLDAPGroupkey   cn

    AuthzLDAPSetGroupAuth       ldapdn
    AuthzLDAPRoleAttributeName  "ou"
    ##############################################

In this example the error is generated when I try to access a
subdirectory of a cosign protected directory.  The subdirectory has a
.htaccess file that looks like this:

    require group group1

My mod_authz_ldap was patched and built, following the directions in
mod_authz_ldap-NOTES.txt.

Any idea what might be going on here?  

-- 
________________________________________________________________________
Ben Poliakoff <benp@xxxxxxxx> | Unix System Administrator | Reed College
PGP fingerprint:      A131 F813 7A0F C5B7 E74D  C972 9118 A94D 6AF5 2019
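
An added example, not part of the original post and not mod_authz_ldap's code: the logged filter carries the literal `(null)` (the text glibc's printf family emits for a NULL `%s` argument), and its unescaped parentheses are invalid in an RFC 4515 filter. The code below shows a group-filter builder that fails closed when no authenticated user is available and escapes special characters otherwise; the function names and the `jdoe` uid are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Escape an assertion value per RFC 4515: '*', '(', ')' and '\' become \XX.
   Returns 0 on success, -1 if the output buffer is too small. */
static int ldap_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen) return -1;
            snprintf(out + o, 4, "\\%02x", (unsigned)c);
            o += 3;
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Build (&(member=<user_dn>)(cn=<group>)). Returns 0 on success, or -1 when
   there is no authenticated user (NULL or empty) or a buffer is too small,
   so the caller denies access without sending a query to the directory. */
int build_group_filter(const char *user_dn, const char *group,
                       char *out, size_t outlen)
{
    char u[256], g[128];
    int n;
    if (user_dn == NULL || *user_dn == '\0' || group == NULL || *group == '\0')
        return -1;
    if (ldap_escape(user_dn, u, sizeof u) != 0 ||
        ldap_escape(group, g, sizeof g) != 0)
        return -1;
    n = snprintf(out, outlen, "(&(member=%s)(cn=%s))", u, g);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char f[512];
    /* Constructed sample values; "jdoe" is a made-up uid. */
    if (build_group_filter("uid=jdoe,ou=people,dc=reed,dc=edu", "group1", f, sizeof f) == 0)
        puts(f);
    if (build_group_filter(NULL, "group1", f, sizeof f) != 0)
        puts("no authenticated user: deny without querying LDAP");
    return 0;
}
```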


 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010