RHEL4 - CentOS4 - mod_authz_ldap

Petr Klíma qaxi na seznam.cz
Úterý Září 27 08:38:50 CEST 2005 

Chlopcik Ales napsal(a):
> Petr Klíma wrote:
> 
>>Vladimir Dvorak napsal(a):
>>
>>>Petr KlĂ­ma wrote:
>>>
>>>
>>>>Zdravim
>>>>
>>>>mam problem s mod_authz_ldap ktery je takto nastaveny:
>>>>
>>>><Directory /var/www/html/weby_2005>
>>>>    AuthzLDAPServer         "ldap:389"
>>>>    AuthzLDAPUserBase         dc=group,dc=cz
>>>>    AuthzLDAPBindDN           uid=ds,ou=People,dc=group,dc=cz
>>>>    AuthzLDAPBindPassword     XXXXX
>>>>    AuthzLDAPUserKey         uid
>>>>    AuthzLDAPUserScope         subtree
>>>>    AuthzLDAPLogLevel         debug
>>>>
>>>>    # needed for user auth
>>>>    AuthzLDAPMethod ldap
>>>>
>>>>   # needed for group auth
>>>>   AuthzLDAPMethod         ldap
>>>>   AuthzLDAPGroupBase         ou=Groups,dc=group,dc=cz
>>>>   AuthzLDAPGroupKey          cn
>>>>
>>>>   # map users to the uid uid for membership checking
>>>>   AuthzLDAPMapUserToAttr          uid
>>>>   AuthzLDAPSetGroupAuth           map
>>>>
>>>>   # this means that the memberUid attribute must match the uid
>>>>   # (which is the result of the map operation)
>>>>   AuthzLDAPMemberKey          memberUid
>>>>
>>>>    AuthType basic
>>>>    AuthName "Katalog"
>>>>
>>>>    <Limit GET POST>
>>>>        deny from all
>>>>        allow from all
>>>>        #require user klima
>>>>        require valid-user
>>>>        #require group wprgs
>>>>    </Limit>
>>>>
>>>></Directory>
>>>>
>>>>
>>>>Pokud pouĹžiju "require valid-user" nebo "require group wprgs" tak to
>>>>ĹĄlape (mĹŻĹžu se zalogovat s uid "klima"), ale "require user klima" mi
>>>>furt hĂĄzĂ­ "Forbidden".
>>>>
>>>
>>>Strelim od boku. Nebylo by lepsi napsat:
>>>
>>>   require user uid=klima,ou=People,dc=group,dc=cz ? Nikde totiz neni
>>>definovan defaultni DN-base pro usery.
>>>
>>
>>Kez byste mel pravdu, ale definovan je  ...
>>
>>AuthzLDAPUserBase         dc=group,dc=cz
>>AuthzLDAPUserScope        subtree
>>AuthzLDAPUserKey          uid
>>
>>ale stejnak to nezabralo
>>
>>require user uid=klima,ou=People,o=qqqq,dc=group,dc=cz
>>
>>    Petr KlĂ­ma
>>
>>    e-mail:  qaxi na seznam.cz
>>
> 
> 
> 	A odkud se Vam tam vzalo to _o=qqqq_ ??
> 	Podle vypisu konfigurace by mel dotaz znit :
> require user uid=klima,ou=People,dc=group,dc=cz
> 

Je tam
AuthzLDAPUserScope        subtree

a v etheralu vidim, ze mu to vrati opravdu
uid=klima,ou=People,o=qqqq,dc=group,dc=cz

a s timhle DN se tam i uspesne bindne ...

to je prave ten pruser ...

-- 

    Petr Klíma

    e-mail:  qaxi na seznam.cz

Další informace o konferenci Linux