RHEL4 - CentOS4 - mod_authz_ldap

Pondělí Září 26 13:28:40 CEST 2005

Petr Klíma wrote:
> Zdravim
>
> mam problem s mod_authz_ldap ktery je takto nastaveny:
>
> <Directory /var/www/html/weby_2005>
>     AuthzLDAPServer         "ldap:389"
>     AuthzLDAPUserBase         dc=group,dc=cz
>     AuthzLDAPBindDN           uid=ds,ou=People,dc=group,dc=cz
>     AuthzLDAPBindPassword     XXXXX
>     AuthzLDAPUserKey         uid
>     AuthzLDAPUserScope         subtree
>     AuthzLDAPLogLevel         debug
>
>     # needed for user auth
>     AuthzLDAPMethod ldap
>
>    # needed for group auth
>    AuthzLDAPMethod         ldap
>    AuthzLDAPGroupBase         ou=Groups,dc=group,dc=cz
>    AuthzLDAPGroupKey          cn
>
>    # map users to the uid uid for membership checking
>    AuthzLDAPMapUserToAttr          uid
>    AuthzLDAPSetGroupAuth           map
>
>    # this means that the memberUid attribute must match the uid
>    # (which is the result of the map operation)
>    AuthzLDAPMemberKey          memberUid
>
>     AuthType basic
>     AuthName "Katalog"
>
>     <Limit GET POST>
>         deny from all
>         allow from all
>         #require user klima
>         require valid-user
>         #require group wprgs
>     </Limit>
>
> </Directory>
>
>
> Pokud použiju "require valid-user" nebo "require group wprgs" tak to 
> šlape (můžu se zalogovat s uid "klima"), ale "require user klima" mi 
> furt hází "Forbidden".
>
Strelim od boku. Nebylo by lepsi napsat:

    require user uid=klima,ou=People,dc=group,dc=cz ? Nikde totiz neni 
definovan defaultni DN-base pro usery.

Vla:da