Re: Group authentication to AD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




>With what configuration exactly?
My location block is configured as below:
<Location /test_repo>
dav svn
SVNPath /disk01/home/test_repo
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap-FCGNET ldap-VIET
AuthzLDAPAuthoritative on
Require valid-user
Require ldap-group CN=Active_Directory Group Name,OU=U.S.,OU=Groups,DC=domain,DC=com
#Require ldap-user pmoss
</Location>
 
I've configured my aliases, in my http.conf file, as follows:
<AuthnProviderAlias ldap ldap-FCGNET>
        AuthLDAPBindDN FCGNET\account_name
        AuthLDAPBindPassword xxxxxxxxxx
        AuthLDAPURL ldap://server.domain.com:3268/DC=domain,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap-VIET>
        AuthLDAPBindDN "CN=account_name,OU=Service Accounts,OU=Users,OU=Production,DC=domain,DC=com"
        AuthLDAPBindPassword xxxxxxxxx
        AuthLDAPURL ldap://server.domain.com:3268/DC=domain,DC=com?samAccountName?sub?(objectCategory=person)
</AuthnProviderAlias>


PATI MOSS
System Engineer Sr. Professional
CSC




From: Eric Covener <covener@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Date: 11/19/2010 10:40 AM
Subject: Re: Group authentication to AD





On Fri, Nov 19, 2010 at 10:16 AM, Patricia A Moss <pmoss4@xxxxxxx> wrote:
>
> >requirements are OR'ed in 2.2.x.  Remove valid-user.
>
> That was one of the tests that I attempted and posted:
> 2. If I remove "Require valid-user" then I receive an error when attempting access the repository and the error.log is as follows:
> [Mon Nov 15 14:38:15 2010] [debug] mod_authnz_ldap.c(377): [client 20.8.xxx.18x] [27994] auth_ldap authenticate: using URL ldap://server.domain.com:3268/DC=domain,DC=com?samAccountName?sub?(objectCategory=person)
> [Mon Nov 15 14:38:15 2010] [debug] mod_authnz_ldap.c(474): [client 20.8.xxx.18x] [27994] auth_ldap authenticate: accepting pmoss
> [Mon Nov 15 14:38:15 2010] [crit] [client 20.8.232.187] configuration error:  couldn't check access.  No groups file?: /test_repo/

With what configuration exactly?



>
> PATI MOSS
> System Engineer Sr. Professional
> CSC
>
>
> From: Eric Covener <covener@xxxxxxxxx>
> To: users@xxxxxxxxxxxxxxxx
> Date: 11/19/2010 10:09 AM
> Subject: Re: Group authentication to AD
> ________________________________
>
>
> > I have require ldap-filters configured in my location block, but it is not filtering.  It is still letting any valid userid through.
> > My location block is configured as below:
> > Require valid-user
> > Require ldap-group CN=Active_Directory Group Name,OU=U.S.,OU=Groups,DC=domain,DC=com
>
> requirements are OR'ed in 2.2.x.  Remove valid-user.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:
>
http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>



--
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:
http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux