cosign-discuss at umich.edu
general discussion of cosign development and deployment
mod_cosign, mod_authz_ldap and apache2

So has anyone tried to get these two modules working with an apache2
instance?

I've recently configured a mod_cosign installation with apache2 (and
it's working nicely). But when I add the patched version of
mod_authz_ldap (using the example configs in the patch) "require group"
functionality isn't quite working yet. In a nutshell it looks like
mod_authz_ldap isn't getting the REMOTE_USER data it needs. I see error
messages like this in my apache error_log:

    search from 'ou=Group,dc=reed,dc=edu' for \
    '(&(member=(null))(cn=group1))'\
    returns 87 = 'Bad search filter'

In this case "group1" would be an LDAP groupofnames object (that I
specified in my .htaccess file (require group group1)), and "(null)"
should be expanded to:

    uid=REMOTE_USER,ou=people,dc=reed,dc=edu

My mod_authz_ldap configs for my testing area look like this:

    ##############################################
    # mod_authz_ldap settings
    AuthType Cosign
    AuthzLDAPMethod basic
    AuthzLDAPServer ldap.reed.edu
    AuthzLDAPProtocolVersion 3
    AuthzLDAPUserBase ou=People,dc=reed,dc=edu
    AuthzLDAPUserScope base
    AuthzLDAPUserKey uid
    AuthzLDAPGroupBase ou=Group,dc=reed,dc=edu
    AuthzLDAPGroupScope subtree
    AuthzLDAPGroupkey cn
    AuthzLDAPSetGroupAuth ldapdn
    AuthzLDAPRoleAttributeName "ou"
    ##############################################

In this example the error is generated when I try to access a
subdirectory of a cosign protected directory. The subdirectory has a
.htaccess file that looks like this:

    require group group1

My mod_authz_ldap was patched and built, following the directions in
mod_authz_ldap-NOTES.txt.

Any idea what might be going on here?

--
________________________________________________________________________
Ben Poliakoff <benp@xxxxxxxx> | Unix System Administrator | Reed College
PGP fingerprint: A131 F813 7A0F C5B7 E74D C972 9118 A94D 6AF5 2019
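
Added example, not part of the original post and not mod_authz_ldap's own code: the logged filter carries a literal "(null)" whose unescaped parentheses are invalid in an RFC 4515 filter value, which is why the search fails with error 87. The sketch below builds the same (&(member=...)(cn=...)) shape but refuses to search when no user DN is available and escapes the values; the function names and the "jdoe" DN are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst, escaping RFC 4515 specials ('*', '(', ')', '\').
 * Returns 0 on success, -1 if dst (dstlen bytes) is too small. */
static int append_escaped(char *dst, size_t dstlen, const char *src)
{
    size_t used = strlen(dst);
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int special = (c == '*' || c == '(' || c == ')' || c == '\\');
        if (used + (special ? 4 : 2) > dstlen) return -1;
        if (special)
            used += (size_t)snprintf(dst + used, dstlen - used, "\\%02x", (unsigned)c);
        else { dst[used++] = (char)c; dst[used] = '\0'; }
    }
    return 0;
}

/* Build (&(member=<user_dn>)(cn=<group>)), the filter shape in the log.
 * Fails closed (-1, empty out) when there is no authenticated user DN. */
int build_group_filter(const char *user_dn, const char *group,
                       char *out, size_t outlen)
{
    if (out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    if (!user_dn || !*user_dn || !group || !*group) return -1;
    if (outlen < sizeof("(&(member=")) return -1;
    strcpy(out, "(&(member=");
    if (append_escaped(out, outlen, user_dn) == 0 &&
        strlen(out) + sizeof(")(cn=") <= outlen) {
        strcat(out, ")(cn=");
        if (append_escaped(out, outlen, group) == 0 &&
            strlen(out) + sizeof("))") <= outlen) {
            strcat(out, "))");
            return 0;
        }
    }
    out[0] = '\0';
    return -1;
}

int main(void)
{
    char f[256];
    /* Constructed sample values, using the DN layout from the post. */
    if (build_group_filter("uid=jdoe,ou=people,dc=reed,dc=edu", "group1", f, sizeof f) == 0)
        printf("%s\n", f);
    if (build_group_filter(NULL, "group1", f, sizeof f) != 0)
        printf("no user DN: search refused\n");
    return 0;
}
```

Denying access when the user DN is missing keeps an authorization check from depending on how the directory server reacts to a malformed filter.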