RHEL4 - CentOS4 - mod_authz_ldap

Petr Klíma qaxi at seznam.cz
Monday September 26 13:51:21 CEST 2005


Vladimir Dvorak wrote:
> Petr Klíma wrote:
> 
>> Greetings,
>>
>> I have a problem with mod_authz_ldap, which is configured like this:
>>
>> <Directory /var/www/html/weby_2005>
>>     AuthzLDAPServer         "ldap:389"
>>     AuthzLDAPUserBase         dc=group,dc=cz
>>     AuthzLDAPBindDN           uid=ds,ou=People,dc=group,dc=cz
>>     AuthzLDAPBindPassword     XXXXX
>>     AuthzLDAPUserKey         uid
>>     AuthzLDAPUserScope         subtree
>>     AuthzLDAPLogLevel         debug
>>
>>     # needed for user auth
>>     AuthzLDAPMethod ldap
>>
>>    # needed for group auth
>>    AuthzLDAPMethod         ldap
>>    AuthzLDAPGroupBase         ou=Groups,dc=group,dc=cz
>>    AuthzLDAPGroupKey          cn
>>
>>    # map users to the uid uid for membership checking
>>    AuthzLDAPMapUserToAttr          uid
>>    AuthzLDAPSetGroupAuth           map
>>
>>    # this means that the memberUid attribute must match the uid
>>    # (which is the result of the map operation)
>>    AuthzLDAPMemberKey          memberUid
>>
>>     AuthType basic
>>     AuthName "Katalog"
>>
>>     <Limit GET POST>
>>         deny from all
>>         allow from all
>>         #require user klima
>>         require valid-user
>>         #require group wprgs
>>     </Limit>
>>
>> </Directory>
>>
>>
>> If I use "require valid-user" or "require group wprgs", it works
>> (I can log in with uid "klima"), but "require user klima" keeps
>> giving me "Forbidden".
>>
> A shot from the hip. Wouldn't it be better to write:
> 
>    require user uid=klima,ou=People,dc=group,dc=cz ? Because the default
> DN base for users is not defined anywhere.
> 

I wish you were right, but it is defined ...

AuthzLDAPUserBase         dc=group,dc=cz
AuthzLDAPUserScope        subtree
AuthzLDAPUserKey          uid

but it didn't work anyway

require user uid=klima,ou=People,o=qqqq,dc=group,dc=cz


    Petr Klíma

    e-mail:  qaxi at seznam.cz



