httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "david@ecker-software.de" <da...@ecker-software.de>
Subject Re: [users@httpd] Issues Implementing ldap authentication.
Date Wed, 01 May 2013 14:48:37 GMT
Hi,

the documentation for AuthzLDAPAuthoritative :
 <snip>Prevent other authentication modules from authenticating the user if this
one fails</snip>

Default is on but you did set it to off, why? If ldap fails another
authorization will be tried.

The main problems should be the line <snip> AuthType Digest</snip>. As far as
I
know you can use digest/MD5 password encryption with file authentification but
not with LDAP. LDAP requires basic authentification. But beware that without any
other security meachanism like VPN or SSL a simple network sniffer will be able
to get the passwords from the network stream.

bye,
David

> "Smith, Mitchell" <mitchell.smith@cwc.com> hat am 1. Mai 2013 um 15:52
> geschrieben:
> 
>  Hi,
> 
>  I am trying to implement ldap authentication into my configuration for svn
> running under apache2.2 (httpd2.2.24) running on Linux.
> 
>  I have the following configuration, but it appears that it always fails to
> call the ldap server.
> 
>          <IfModule dav_svn_module>
>                  <Location />
>                          DAV svn
>                          SVNParentPath /opt/subversion/repos
>                          SVNListParentPath On
>                          AuthzSVNAccessFile /opt/subversion/svnaccess
>                          AuthzLDAPAuthoritative off
>                          AuthBasicProvider ldap
>                          AuthType Digest
>                          AuthName "<http://DOMAIN.COM> "
>                          AuthLDAPBindDN "CN=TestSVN,OU=Users -
> Users,OU=Accounts,DC=CWIHQ,DC=CWIGINTRA,DC=COM"
>                          AuthLDAPBindPassword "Password"
>                          AuthLDAPURL
> "ldap://<http://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)>
> "
>                          Require valid-user
>                          # AuthUserFile
> /usr/subversion/apache2/conf.d/svnAuthBlank
>                  </Location>
>          </IfModule>
> 
>  It appears that ldap is never called, and the authentication attempts to fall
> back to the AuthUserFile, which I do not want.
> 
>  I have checked multiple tutorials online and cannot see where I am going
> wrong. If I un-comment the AuthUserFile it fails to authenticate as the user
> does not exist in the file.
> 
>  Can anyone assist with this.
> 
>  Thanks
> 
>  --
>  Mitchell Smith
> 
> 
> 
>  The information contained in this email (and any attachments) is confidential
> and may be privileged. If you are not the intended recipient
>  and have received this email in error, please notify the sender immediately
> by reply email and delete the message and any attachments.
>  If you are not the named addressee, you must not copy, disclose, forward or
> otherwise use the information contained in this email.
>  Cable & Wireless Communications Plc and its affiliates reserve the right to
> monitor all email communications through their networks to
>  ensure regulatory compliance.
> 
>  Cable & Wireless Communications Plc is a company registered in England &
> Wales with number:
>  07130199 and offices located at 3rd Floor, 26 Red Lion Square, London WC1R
> 4HQ
> 
> 


Mime
View raw message