[gentoo-user] mod_auth_ldap vs USE=ldap for apache2

public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed

* [gentoo-user] mod_auth_ldap vs USE=ldap for apache2
@ 2007-04-11 12:57 Wolfgang Liebich
  2007-04-11 13:07 ` [gentoo-user] Followup: " Wolfgang Liebich
  0 siblings, 1 reply; 2+ messages in thread
From: Wolfgang Liebich @ 2007-04-11 12:57 UTC (permalink / raw
  To: gentoo-user

Hi,
I try to setup access to several SVN repositories. They are located on a 
gentoo server (will probably be moved to a solaris system though).
Authentification should be done against our ActiveDirectory Windows 
system - i.e. the SVN users will only need windows user name and
windows password.
I managed such a setup (with minimal restrictions) for one 
organizational unit. BUT now we get coworkers from a DIFFERENT OU. And now
the troubles start:
- The Base DN MUST contain the OU part (orga1 or orga2), otherwise 
mod_auth_ldap can't find the users.
- I can only specify one Base DN.
- The Sub_DN config parameter doesn't work.
- It is not described anyways if more than one Sub_DN is allowed.

A possible loophole would be some apache module which says essentially 
"Try LDAP config #1 first, config #2 second if the first one fails". 
Better of cours
would be something which does a RECURSIVE ldap lookup in the subtree 
(like the "ldapsearch" program coming with openldap).

There is a "ldap" USE flag for apache2. I tried it once - and my old 
authorization didn't work anymore :-( It seems to add ANOTHER LDAP auth 
module, but it also
somehow impedes the old one.
I'm somewhat lost in the maze of all that modules - can someone help me? :-(
Versions used:

eix apache -I
[I] net-www/apache
     Available versions:
        (1)     1.3.34-r14 ~1.3.37
        (2)     2.0.58-r2 ~2.0.59-r2 [M]~2.2.4
     Installed versions:  2.0.58-r2(2)(07:35:18 12/06/06)(apache2 -debug 
doc -ldap -mpm-itk -mpm-leader -mpm-peruser mpm-prefork -mpm-threadpool 
-mpm-worker -selinux ssl -static-modules -threads)
     Homepage:            http://httpd.apache.org/
     Description:         The Apache Web Server.

eix mod_auth_ldap
[I] net-www/mod_auth_ldap
     Available versions:  3.3
     Installed versions:  3.3(08:45:04 03/08/07)(apache2 berkdb 
-diskcache gdbm -memcache)
     Homepage:            
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html
     Description:         Apache module for LDAP authorization

(Another question - according to the module homepage, the current module 
version is 2.16. What version is used by mod_auth_ldap)?

Puzzled in Vienna,
Wolfgang Liebich
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 2+ messages in thread

* [gentoo-user] Followup: mod_auth_ldap vs USE=ldap for apache2
  2007-04-11 12:57 [gentoo-user] mod_auth_ldap vs USE=ldap for apache2 Wolfgang Liebich
@ 2007-04-11 13:07 ` Wolfgang Liebich
  0 siblings, 0 replies; 2+ messages in thread
From: Wolfgang Liebich @ 2007-04-11 13:07 UTC (permalink / raw
  To: gentoo-user

Another somehwat unclear thing:
In the config flag AUTH_LDAP seems to be responsible for BOTH ldap auth 
modules (mm_mod_auth_ldap AND mod_auth_ldap) - is there some
configurable way to disentangle them?
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2007-04-11 13:13 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-04-11 12:57 [gentoo-user] mod_auth_ldap vs USE=ldap for apache2 Wolfgang Liebich
2007-04-11 13:07 ` [gentoo-user] Followup: " Wolfgang Liebich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox