[prog] Getting Remote_User .htaccess (not working)

Almut Behrens almut-behrens at gmx.net
Fri Nov 19 12:27:46 EST 2004


On Fri, Nov 19, 2004 at 10:29:21AM +1100, Gareth Anderson wrote:
> (...)
> Apache/1.3.28 Server at yoyo.its.monash.edu.au Port 80
> "
> I emphasise the 1.3.x part.
> 
> Also there are several mod_ldap modules in apache 1.3.x
> 
> This one http://nona.net/software/ldap/config/ was installed from
> FreeBSD ports I believe.

Well, if I download the source of that module from that site:

  http://nona.net/download/mod_auth_ldap-0.5.1.tar.gz

unpack it, and do a "grep -i AuthLDAP *", I get

CHANGES:membership string, added AuthLDAPSearchScope. 
mod_auth_ldap.c:{ "AuthLDAPHosts", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBindDN", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBindPassword", ap_set_string_slot,
mod_auth_ldap.c:    "The password corresponding to AuthLDAPBindDN" },
mod_auth_ldap.c:{ "AuthLDAPBaseDN", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPUserKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPPassKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPGroupKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBaseSearch", ap_set_flag_slot,
mod_auth_ldap.c:    "Deprecated. Use 'AuthLDAPSearchScope'. Anyway: Set to 'on' if you do want to do a base search only" },
mod_auth_ldap.c:{ "AuthLDAPSearchScope", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPAuthoritative", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPCryptPasswords", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPBindAsUser", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPSchemePrefix", ap_set_flag_slot,
README:   AuthLDAPHosts "ldapserver otherserver:1234"
README:   AuthLDAPBindDN "reader=web,type=access,o=nonanet,c=at"
README:   AuthLDAPBindPassword abc123
README:   AuthLDAPBindAsUser on
README:   AuthLDAPBaseDN "type=luser,o=nonanet,c=at"
README:   AuthLDAPUserKey lusername
README:If we don't use "AuthLDAPBindAsUser" (and therefore didn't add the above 
README:   AuthLDAPBaseDN "type=luser,o=nonanet,c=at"
README:   AuthLDAPSearchScope base
README:   AuthLDAPUserKey webuser
README:   AuthLDAPPassKey webpassword
README:   AuthLDAPSearchScope onelevel
README:   AuthLDAPSearchScope subtree
README:If we're using AuthLDAPBindAsUser, the password check is being skipped, 
README:   AuthLDAPCryptPasswords on
README:   AuthLDAPSchemePrefix on
README:   AuthLDAPGroupKey webgroup


As you can easily verify yourself, there is no "AuthLDAPUrl" directive
in _that_ code...  It's a complete mystery to me how any config using
that directive might work.

If I were you, I'd first try to find that 1.3.x-module which supports
AuthLDAPUrl -- there you might find more info on how to configure it.
I'm not aware of any attempts to backport the 2.x-mod_auth_ldap to
1.3.x, but maybe there are...  Otherwise, I suspect your webserver in
fact is a 2.x apache in disguise (e.g. to confuse any potential
attackers...).  Do you have any independent evidence (in addition to
the server saying "Apache/1.3.28 Server at...") that this really is a
1.3.x apache?

Wiser heads than mine will have to figure out what's going on at
yoyo.its.monash.edu.au ... ;)

Anyway, good luck!
Almut
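
The check described in the message above, as an added example that is not part of the original post or of the module's own code: it goes one step past the grep by comparing the directives a config uses against those the module source registers. The function names, file names, sample command table and sample .htaccess are constructed for illustration.

```shell
#!/bin/sh
# Names registered in an Apache 1.3 style command table: { "Name", handler, ...
module_directives() {
    sed -n 's/^[[:space:]]*{[[:space:]]*"\([A-Za-z][A-Za-z0-9]*\)"[[:space:]]*,.*/\1/p' "$1" | sort -u
}

# First word of each non-comment config line that starts with the prefix in $2.
config_directives() {
    sed -n 's/^[[:space:]]*\([A-Za-z][A-Za-z0-9]*\).*/\1/p' "$1" |
        grep -i "^$2" | sort -u
}

# Directives used in config $2 (prefix $3) that source $1 never registers.
# Apache matches directive names case-insensitively, so compare in lower case.
unsupported_directives() {
    known=$(module_directives "$1" | tr 'A-Z' 'a-z')
    config_directives "$2" "$3" | while read -r name; do
        lc=$(printf '%s' "$name" | tr 'A-Z' 'a-z')
        printf '%s\n' "$known" | grep -qx "$lc" || printf '%s\n' "$name"
    done
}

# Constructed inputs: command-table lines shaped like the grep output above,
# and a hypothetical .htaccess (host and DNs are placeholders).
write_samples() {
    cat > "$1/mod_auth_ldap_sample.c" <<'EOF'
static command_rec sample_cmds[] = {
{ "AuthLDAPHosts", ap_set_string_slot,
{ "AuthLDAPBindDN", ap_set_string_slot,
{ "AuthLDAPBindPassword", ap_set_string_slot,
    "The password corresponding to AuthLDAPBindDN" },
{ "AuthLDAPBaseDN", ap_set_string_slot,
{ "AuthLDAPUserKey", ap_set_string_slot,
EOF
    cat > "$1/htaccess_sample" <<'EOF'
# constructed example
AuthType Basic
AuthLDAPUrl ldap://ldap.example.org/ou=people,dc=example,dc=org?uid
authldapbinddn "cn=reader,dc=example,dc=org"
require valid-user
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
unsupported_directives "$tmp/mod_auth_ldap_sample.c" "$tmp/htaccess_sample" AuthLDAP
rm -rf "$tmp"
```

A non-empty result means the config relies on a directive that this particular module source does not implement, so either a different module is loaded or the server is not the version it reports.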


