RHEL4 - CentOS4 - mod_authz_ldap
Petr Klíma
qaxi na seznam.cz
Pondělí Září 26 13:51:21 CEST 2005
Vladimir Dvorak napsal(a):
> Petr Klíma wrote:
>
>> Zdravim
>>
>> mam problem s mod_authz_ldap ktery je takto nastaveny:
>>
>> <Directory /var/www/html/weby_2005>
>> AuthzLDAPServer "ldap:389"
>> AuthzLDAPUserBase dc=group,dc=cz
>> AuthzLDAPBindDN uid=ds,ou=People,dc=group,dc=cz
>> AuthzLDAPBindPassword XXXXX
>> AuthzLDAPUserKey uid
>> AuthzLDAPUserScope subtree
>> AuthzLDAPLogLevel debug
>>
>> # needed for user auth
>> AuthzLDAPMethod ldap
>>
>> # needed for group auth
>> AuthzLDAPMethod ldap
>> AuthzLDAPGroupBase ou=Groups,dc=group,dc=cz
>> AuthzLDAPGroupKey cn
>>
>> # map users to the uid uid for membership checking
>> AuthzLDAPMapUserToAttr uid
>> AuthzLDAPSetGroupAuth map
>>
>> # this means that the memberUid attribute must match the uid
>> # (which is the result of the map operation)
>> AuthzLDAPMemberKey memberUid
>>
>> AuthType basic
>> AuthName "Katalog"
>>
>> <Limit GET POST>
>> deny from all
>> allow from all
>> #require user klima
>> require valid-user
>> #require group wprgs
>> </Limit>
>>
>> </Directory>
>>
>>
>> Pokud použiju "require valid-user" nebo "require group wprgs" tak to
>> šlape (můžu se zalogovat s uid "klima"), ale "require user klima" mi
>> furt hází "Forbidden".
>>
> Strelim od boku. Nebylo by lepsi napsat:
>
> require user uid=klima,ou=People,dc=group,dc=cz ? Nikde totiz neni
> definovan defaultni DN-base pro usery.
>
Kez byste mel pravdu, ale definovan je ...
AuthzLDAPUserBase dc=group,dc=cz
AuthzLDAPUserScope subtree
AuthzLDAPUserKey uid
ale stejnak to nezabralo
require user uid=klima,ou=People,o=qqqq,dc=group,dc=cz
Petr Klíma
e-mail: qaxi na seznam.cz
Další informace o konferenci Linux