RHEL4 - CentOS4 - mod_authz_ldap
Vladimir Dvorak
dvorakv na vdsoft.org
Pondělí Září 26 14:09:25 CEST 2005
Petr Klíma wrote:
> Vladimir Dvorak napsal(a):
>> Petr Klíma wrote:
>>
>>> Zdravim
>>>
>>> mam problem s mod_authz_ldap ktery je takto nastaveny:
>>>
>>> <Directory /var/www/html/weby_2005>
>>> AuthzLDAPServer "ldap:389"
>>> AuthzLDAPUserBase dc=group,dc=cz
>>> AuthzLDAPBindDN uid=ds,ou=People,dc=group,dc=cz
>>> AuthzLDAPBindPassword XXXXX
>>> AuthzLDAPUserKey uid
>>> AuthzLDAPUserScope subtree
>>> AuthzLDAPLogLevel debug
>>>
>>> # needed for user auth
>>> AuthzLDAPMethod ldap
>>>
>>> # needed for group auth
>>> AuthzLDAPMethod ldap
>>> AuthzLDAPGroupBase ou=Groups,dc=group,dc=cz
>>> AuthzLDAPGroupKey cn
>>>
>>> # map users to the uid uid for membership checking
>>> AuthzLDAPMapUserToAttr uid
>>> AuthzLDAPSetGroupAuth map
>>>
>>> # this means that the memberUid attribute must match the uid
>>> # (which is the result of the map operation)
>>> AuthzLDAPMemberKey memberUid
>>>
>>> AuthType basic
>>> AuthName "Katalog"
>>>
>>> <Limit GET POST>
>>> deny from all
>>> allow from all
>>> #require user klima
>>> require valid-user
>>> #require group wprgs
>>> </Limit>
>>>
>>> </Directory>
>>>
>>>
>>> Pokud použiju "require valid-user" nebo "require group wprgs" tak to
>>> šlape (můžu se zalogovat s uid "klima"), ale "require user klima" mi
>>> furt hází "Forbidden".
>>>
>> Strelim od boku. Nebylo by lepsi napsat:
>>
>> require user uid=klima,ou=People,dc=group,dc=cz ? Nikde totiz neni
>> definovan defaultni DN-base pro usery.
>>
>
> Kez byste mel pravdu, ale definovan je ...
>
> AuthzLDAPUserBase dc=group,dc=cz
> AuthzLDAPUserScope subtree
> AuthzLDAPUserKey uid
>
> ale stejnak to nezabralo
>
> require user uid=klima,ou=People,o=qqqq,dc=group,dc=cz
>
>
a dat DN do uvozovek ? ("uid=klima,ou=People,o=qqqq,dc=group,dc=cz ")
V.
Další informace o konferenci Linux