Gentoo Forums
Apache2 & OpenLDAP: Authenticating gives error 401
Gentoo Forums Forum Index :: Networking & Security
adamtheo
Tux's lil' helper


Joined: 03 Sep 2002
Posts: 123
Location: Tallahassee, Florida USA

Posted: Fri Sep 19, 2003 6:38 am    Post subject: Apache2 & OpenLDAP: Authenticating gives error 401

I have OpenLDAP successfully set up. I have imported some users which I am testing with. I have set up my system where all non-root logins use LDAP to authenticate against instead of the /etc/passwd file. I have tested this, and can log in even after removing the users from the /etc/passwd file.

I have now tried to get apache to authenticate against the LDAP directory so I can allow all users in the LDAP directory instant accounts on my website. I have the following configurations:

/etc/apache2/conf/apache2.conf:
Code:

### Dynamic Shared Object (DSO) Support
###
### You should always leave these three, as they are needed for normal use.
### mod_access (Order, Allow, etc..)
### mod_log_config (Transferlog, etc..)
### mod_mime (AddType, etc...)
###
LoadModule access_module                 modules/mod_access.so
LoadModule auth_module                   modules/mod_auth.so
LoadModule auth_anon_module              modules/mod_auth_anon.so
LoadModule auth_dbm_module               modules/mod_auth_dbm.so
LoadModule auth_digest_module            modules/mod_auth_digest.so
LoadModule ldap_module                   extramodules/mod_ldap.so
LoadModule auth_ldap_module              extramodules/mod_auth_ldap.so


/etc/apache2/conf/commonapache2.conf
Code:

ScriptAlias /bin/ "/opt/theoretic/www/bin/"
Alias / "/opt/theoretic/www/"

# For the base theoretic.com domain
<Directory /opt/theoretic/www>
  Options -Indexes FollowSymLinks
  AllowOverride None
  <IfModule mod_access.c>
    Order allow,deny
    Allow from all
  </IfModule>
</Directory>

# The following is for TWiki
<Directory "/opt/theoretic/www/bin">
  Options +ExecCGI
  SetHandler cgi-script
  <IfModule mod_access.c>
    Order allow,deny
    Allow from all
  </IfModule>
  AuthName "Use your Theoretic login to edit the website"
  AuthType Basic

  AuthLDAPUrl ldaps:///ou=Users,dc=theoretic,dc=com?uid?one

  <Files ~ "[^/]*\.html$">
    SetHandler blabla
    allow from all
  </Files>
  <Files "viewauth">
    require valid-user
  </Files>
  <Files "edit">
    require valid-user
  </Files>
  <Files "preview">
    require valid-user
  </Files>
  <Files "save">
    require valid-user
  </Files>
  <Files "attach">
    require valid-user
  </Files>
  <Files "upload"> 
    require valid-user
  </Files>
  <Files "rename">
    require valid-user
  </Files>
  <Files "rdiffauth">
    require valid-user
  </Files>
  <Files "manage">
    require valid-user
  </Files>
  <Files "installpasswd">
    require valid-user
  </Files>
  <Files "*">
    allow from all
  </Files>
</Directory>


Yet when I access http://new.theoretic.com/bin/edit/Main/Home and fill in a regular user and password (which works for logging in), it is rejected, and I am asked again for a username and password. Once I cancel, I am given an error 401. In the apache2 access logs I have:

/var/log/apache2/access_log
Quote:

68.35.232.20 - - [16/Sep/2003:02:58:27 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562
68.35.232.20 - - [16/Sep/2003:02:58:27 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030820 Mozilla Firebird/0.6.1"
68.35.232.20 - adamtheo [16/Sep/2003:02:58:42 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562
68.35.232.20 - adamtheo [16/Sep/2003:02:58:42 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030820 Mozilla Firebird/0.6.1"


Any ideas of how I can solve this, or just as good, get better debug info to figure out why apache2 is not using the LDAP directory to authenticate against?
_________________
* Theoretic Solutions "The Internet's Open Think-Tank" - http://www.theoretic.com
indros
Tux's lil' helper


Joined: 27 Sep 2002
Posts: 139

Posted: Fri Sep 19, 2003 3:59 pm

It doesn't appear, in your authLDAPUrl, that you are specifying a host. If it's on the same machine try:

Code:

ldaps://localhost/ou=Users,dc=theoretic,dc=com?uid?one
adamtheo
Tux's lil' helper


Joined: 03 Sep 2002
Posts: 123
Location: Tallahassee, Florida USA

Posted: Fri Sep 19, 2003 5:17 pm    Post subject: still no luck

Thanks for that, but even after adding my localhost and reloading apache2, it still does not work. Still much the same result in the apache2 access_log:

Quote:

68.35.232.20 - - [16/Sep/2003:13:49:47 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562
68.35.232.20 - - [16/Sep/2003:13:49:47 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030820 Mozilla Firebird/0.6.1"
68.35.232.20 - adamtheo [16/Sep/2003:13:50:03 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562
68.35.232.20 - adamtheo [16/Sep/2003:13:50:03 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030820 Mozilla Firebird/0.6.1"
68.35.232.20 - adamtheo [16/Sep/2003:13:50:16 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562
68.35.232.20 - adamtheo [16/Sep/2003:13:50:16 +0000] "GET /bin/edit/Main/Home HTTP/1.1" 401 562 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5a) Gecko/20030820 Mozilla Firebird/0.6.1"

_________________
* Theoretic Solutions "The Internet's Open Think-Tank" - http://www.theoretic.com
indros
Tux's lil' helper


Joined: 27 Sep 2002
Posts: 139

Posted: Fri Sep 19, 2003 11:58 pm

Could you post a tail from /var/log/apache2/error_log, and /var/log/syslog?
adamtheo
Tux's lil' helper


Joined: 03 Sep 2002
Posts: 123
Location: Tallahassee, Florida USA

Posted: Thu Sep 25, 2003 3:02 am    Post subject: here are debugs from logs

I have resolved the problem. It seems that I was specifying "ldaps" in the URI for apache2 to use to connect to the OpenLDAP directory, but since I am using "Start_TLS" for SSL to be on the same port as non-SSL, I should have been using just "ldap". It now works, thanks!
_________________
* Theoretic Solutions "The Internet's Open Think-Tank" - http://www.theoretic.com
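The two points raised in this thread (indros: the AuthLDAPUrl names no host; adamtheo's resolution: `ldaps://` against a port that does StartTLS) come down to one distinction. An `ldaps://` URL means TLS from the first byte, normally on port 636. A server offering StartTLS on port 389 speaks plain BER-encoded LDAP until the client sends the StartTLS extended operation, so a client that opens that port with a TLS ClientHello gets a failed handshake, mod_auth_ldap never gets to bind, and every user sees 401 no matter what password they typed, which is exactly the access_log pattern above. The following is an added example, not code from the thread and not Apache's or OpenLDAP's own code: a small Python tool that asks a directory port which of the three modes it speaks (LDAPS, plain LDAP with StartTLS, or plain LDAP only) by sending hand-built LDAP messages, and then checks an AuthLDAPUrl against the answer. Only the verification-relevant structure of the LDAPMessage is decoded (the resultCode), the anonymous bind is used purely as a liveness check, and the TLS handshake deliberately skips certificate verification because the goal is to classify the port, not to trust it. Host names, ports and sample URLs are constructed; the base DN reuses the one from the thread. The `probe()` function needs a reachable directory; the encoders and the URL checker run offline.

```python
"""Classify what an LDAP port speaks and check an Apache AuthLDAPUrl against it.
Added example; not Apache's or OpenLDAP's code.  Hosts and ports are constructed."""
import socket
import ssl
from urllib.parse import urlsplit

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation


def ber(tag: int, content: bytes) -> bytes:
    """One BER TLV with a definite length (short form below 128 bytes, long form above)."""
    n = len(content)
    if n < 128:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content


def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE }"""
    return ber(0x30, ber(0x02, bytes([msg_id])) + protocol_op)


def anonymous_bind(msg_id: int = 1) -> bytes:
    """BindRequest [APPLICATION 0]: version 3, empty name, empty simple password."""
    return ldap_message(msg_id, ber(0x60, ber(0x02, b"\x03") + ber(0x04, b"") + ber(0x80, b"")))


def starttls_request(msg_id: int = 2) -> bytes:
    """ExtendedRequest [APPLICATION 23] with the StartTLS OID as requestName [0]."""
    return ldap_message(msg_id, ber(0x77, ber(0x80, STARTTLS_OID.encode())))


def result_code(resp: bytes) -> int:
    """resultCode of the LDAPResult in one BindResponse/ExtendedResponse, or -1 if not parseable."""
    def tlv(buf, pos):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:                      # long-form length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        return tag, buf[pos:pos + n], pos + n
    try:
        tag, body, _ = tlv(resp, 0)
        if tag != 0x30:
            return -1
        _, _, pos = tlv(body, 0)          # skip messageID
        tag, op, _ = tlv(body, pos)
        if tag not in (0x61, 0x78):       # BindResponse, ExtendedResponse
            return -1
        tag, code, _ = tlv(op, 0)         # LDAPResult begins with ENUMERATED resultCode
        return int.from_bytes(code, "big") if tag == 0x0A else -1
    except IndexError:                    # truncated message
        return -1


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'ldaps', 'ldap+starttls', 'ldap' (clear text only), 'not-ldap' or 'unreachable'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # classifying the port, not trusting it; certificate
    ctx.verify_mode = ssl.CERT_NONE       # checks belong in the Apache / libldap configuration
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ldaps"                # the port answered a TLS ClientHello: TLS from byte one
    except (ssl.SSLError, OSError):
        pass                              # no handshake: the port expects a plain LDAPMessage first
    finally:
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(anonymous_bind())
            if result_code(s.recv(4096)) < 0:
                return "not-ldap"
            s.sendall(starttls_request())
            return "ldap+starttls" if result_code(s.recv(4096)) == 0 else "ldap"
    except OSError:
        return "unreachable"


def url_endpoint(auth_ldap_url: str):
    """(host, port) a client would connect to for this AuthLDAPUrl; host is None when absent."""
    u = urlsplit(auth_ldap_url)
    return u.hostname, (u.port or (636 if u.scheme == "ldaps" else 389))


def check_authldapurl(auth_ldap_url: str, server_mode: str) -> list:
    """Findings for an AuthLDAPUrl given what probe() reported for the port."""
    u, findings = urlsplit(auth_ldap_url), []
    if u.scheme not in ("ldap", "ldaps"):
        findings.append("scheme must be ldap:// or ldaps://")
    if not u.hostname:
        findings.append("no host in URL: write ldap://host/basedn?attr?scope")
    if u.scheme == "ldaps" and server_mode == "ldap+starttls":
        findings.append("ldaps:// against a StartTLS port: handshake fails, every user gets 401; use ldap://")
    if u.scheme == "ldap" and server_mode == "ldaps":
        findings.append("ldap:// against an LDAPS port: use ldaps://")
    if u.scheme == "ldap" and server_mode in ("ldap", "ldap+starttls"):
        findings.append("ldap:// binds in clear text unless mod_ldap is told to negotiate StartTLS")
    return findings


if __name__ == "__main__":
    import sys
    url = sys.argv[1] if len(sys.argv) > 1 else "ldap://localhost/ou=Users,dc=example,dc=com?uid?one"
    host, port = url_endpoint(url)
    mode = probe(host or "localhost", port)
    print(f"{host}:{port} speaks {mode}")
    for finding in check_authldapurl(url, mode):
        print(" -", finding)
```

Run it as `python3 ldapmode.py 'ldaps:///ou=Users,dc=theoretic,dc=com?uid?one'` (file name assumed) on the web host and it reports both findings from this thread at once. The last finding is the caveat worth keeping in mind after the fix: switching the scheme to `ldap://` makes the bind succeed, but whether the Basic-auth password actually travels under TLS between Apache and slapd depends on mod_ldap being configured to negotiate StartTLS (in Apache 2.2 and later via `LDAPTrustedMode` or the mode keyword on `AuthLDAPUrl`); on the same machine over the loopback interface that exposure is small, across a network it is not.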
All times are GMT