public inbox for gentoo-user@lists.gentoo.org
From: Wolfgang Liebich <wolfgang.liebich@siemens.com>
To: gentoo-user <gentoo-user@lists.gentoo.org>
Subject: [gentoo-user] mod_auth_ldap vs USE=ldap for apache2
Date: Wed, 11 Apr 2007 14:57:52 +0200
Message-ID: <461CDB50.6020707@siemens.com>

Hi,
I am trying to set up access to several SVN repositories. They are located on a
gentoo server (will probably be moved to a solaris system though).
Authentication should be done against our ActiveDirectory Windows
system - i.e. the SVN users will only need windows user name and
windows password.
I managed such a setup (with minimal restrictions) for one
organizational unit. BUT now we get coworkers from a DIFFERENT OU. And now
the troubles start:
- The Base DN MUST contain the OU part (orga1 or orga2), otherwise 
mod_auth_ldap can't find the users.
- I can only specify one Base DN.
- The Sub_DN config parameter doesn't work.
- It is not described anyways if more than one Sub_DN is allowed.

A possible loophole would be some apache module which says essentially
"Try LDAP config #1 first, config #2 second if the first one fails".
Better of course would be something which does a RECURSIVE ldap lookup
in the subtree (like the "ldapsearch" program coming with openldap).

There is a "ldap" USE flag for apache2. I tried it once - and my old
authorization didn't work anymore :-( It seems to add ANOTHER LDAP auth
module, but it also somehow impedes the old one.
I'm somewhat lost in the maze of all those modules - can someone help me? :-(
Versions used:

eix apache -I
[I] net-www/apache
     Available versions:
        (1)     1.3.34-r14 ~1.3.37
        (2)     2.0.58-r2 ~2.0.59-r2 [M]~2.2.4
     Installed versions:  2.0.58-r2(2)(07:35:18 12/06/06)(apache2 -debug doc -ldap -mpm-itk -mpm-leader -mpm-peruser mpm-prefork -mpm-threadpool -mpm-worker -selinux ssl -static-modules -threads)
     Homepage:            http://httpd.apache.org/
     Description:         The Apache Web Server.

eix mod_auth_ldap
[I] net-www/mod_auth_ldap
     Available versions:  3.3
     Installed versions:  3.3(08:45:04 03/08/07)(apache2 berkdb -diskcache gdbm -memcache)
     Homepage:            http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html
     Description:         Apache module for LDAP authorization

(Another question - according to the module homepage, the current module
version is 2.16. What version is used by mod_auth_ldap?)

Puzzled in Vienna,
Wolfgang Liebich
-- 
gentoo-user@gentoo.org mailing list
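
The "recursive lookup" and "try config #1, then config #2" ideas from the message above, modelled as an added example (not part of the original post and not code from mod_auth_ldap or Apache): it evaluates LDAP base/one/sub search scopes over a constructed directory. The example.test DNs, the attribute values and all function names are assumptions; orga1 and orga2 are the OU names used in the message.

```python
# Added example: models LDAP search scopes over a constructed directory.
# Not mod_auth_ldap code; DNs, attribute values and helper names are made up.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            rdns.append(cur.strip().lower())
            cur = ""
    rdns.append(cur.strip().lower())
    return [r for r in rdns if r]

def in_scope(entry_dn, base_dn, scope):
    """True if a search at base_dn with scope base/one/sub covers entry_dn."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1, "sub": True}[scope]

def search(directory, base_dn, scope, attr, value):
    """DNs within base_dn/scope whose attr equals value (case-insensitive)."""
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, base_dn, scope)
            and attrs.get(attr, "").lower() == value.lower()]

def find_user(directory, bases, attr, value, scope="sub"):
    """Try each base in order; accept a base only if it yields exactly one DN."""
    for base in bases:
        hits = search(directory, base, scope, attr, value)
        if len(hits) > 1:
            raise LookupError(f"{value!r} is ambiguous under {base!r}")
        if hits:
            return hits[0]
    return None

ROOT = "DC=example,DC=test"  # constructed domain root
DIRECTORY = {  # constructed entries
    "CN=Alice Example,OU=orga1," + ROOT: {"sAMAccountName": "alice", "sn": "Example"},
    "CN=Bob Example,OU=orga2," + ROOT: {"sAMAccountName": "bob", "sn": "Example"},
    "CN=Smith\\, Carol,OU=staff,OU=orga2," + ROOT: {"sAMAccountName": "carol", "sn": "Smith"},
}

if __name__ == "__main__":
    for base in ("OU=orga1," + ROOT, ROOT):
        print(base, "->", search(DIRECTORY, base, "sub", "sAMAccountName", "bob"))
```

Widening the base makes multiple matches possible, so the lookup rejects an ambiguous result instead of picking one.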