[prog] Getting Remote_User .htaccess (not working)
Almut Behrens
almut-behrens at gmx.net
Fri Nov 19 12:27:46 EST 2004
On Fri, Nov 19, 2004 at 10:29:21AM +1100, Gareth Anderson wrote:
> (...)
> Apache/1.3.28 Server at yoyo.its.monash.edu.au Port 80
> "
> I emphasise the 1.3.x part.
>
> Also there are several mod_ldap modules in apache 1.3.x
>
> This one http://nona.net/software/ldap/config/ was installed from
> FreeBSD ports I believe.
Well, if I download the source of that module from that site:
http://nona.net/download/mod_auth_ldap-0.5.1.tar.gz
unpack it, and do a "grep -i AuthLDAP *", I get
CHANGES:membership string, added AuthLDAPSearchScope.
mod_auth_ldap.c:{ "AuthLDAPHosts", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBindDN", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBindPassword", ap_set_string_slot,
mod_auth_ldap.c: "The password corresponding to AuthLDAPBindDN" },
mod_auth_ldap.c:{ "AuthLDAPBaseDN", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPUserKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPPassKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPGroupKey", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPBaseSearch", ap_set_flag_slot,
mod_auth_ldap.c: "Deprecated. Use 'AuthLDAPSearchScope'. Anyway: Set to 'on' if you do want to do a base search only" },
mod_auth_ldap.c:{ "AuthLDAPSearchScope", ap_set_string_slot,
mod_auth_ldap.c:{ "AuthLDAPAuthoritative", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPCryptPasswords", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPBindAsUser", ap_set_flag_slot,
mod_auth_ldap.c:{ "AuthLDAPSchemePrefix", ap_set_flag_slot,
README: AuthLDAPHosts "ldapserver otherserver:1234"
README: AuthLDAPBindDN "reader=web,type=access,o=nonanet,c=at"
README: AuthLDAPBindPassword abc123
README: AuthLDAPBindAsUser on
README: AuthLDAPBaseDN "type=luser,o=nonanet,c=at"
README: AuthLDAPUserKey lusername
README:If we don't use "AuthLDAPBindAsUser" (and therefore didn't add the above
README: AuthLDAPBaseDN "type=luser,o=nonanet,c=at"
README: AuthLDAPSearchScope base
README: AuthLDAPUserKey webuser
README: AuthLDAPPassKey webpassword
README: AuthLDAPSearchScope onelevel
README: AuthLDAPSearchScope subtree
README:If we're using AuthLDAPBindAsUser, the password check is being skipped,
README: AuthLDAPCryptPasswords on
README: AuthLDAPSchemePrefix on
README: AuthLDAPGroupKey webgroup
As you can easily verify yourself, there is no "AuthLDAPUrl" directive
in _that_ code... It's a complete mystery to me how any config using
that directive might work.
If I were you, I'd first try to find that 1.3.x-module which supports
AuthLDAPUrl -- there you might find more info on how to configure it.
I'm not aware of any attempts to backport the 2.x-mod_auth_ldap to
1.3.x, but maybe there are... Otherwise, I suspect your webserver in
fact is a 2.x apache in disguise (e.g. to confuse any potential
attackers...). Do you have any independent evidence (in addition to
the server saying "Apache/1.3.28 Server at...") that this really is a
1.3.x apache?
Wiser heads than mine will have to figure out what's going on at
yoyo.its.monash.edu.au ... ;)
Anyway, good luck!
Almut
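
The check done by hand in the message above (grep the module source for the directives it registers, then compare with what the config uses), as an added example that is not part of the original post or of the mod_auth_ldap code. The sample source excerpt and .htaccess are constructed, with placeholder host and DNs; the function names are hypothetical.

```shell
#!/bin/sh

# Names registered in an Apache 1.3 module's command table, i.e. source
# lines of the form:  { "AuthLDAPHosts", ap_set_string_slot,
registered_directives() {
    sed -n 's/^[[:space:]]*{[[:space:]]*"\([A-Za-z][A-Za-z0-9]*\)"[[:space:]]*,.*/\1/p' "$1" |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# AuthLDAP* directives used in a config or .htaccess file (first word of
# each line; comments and <Section> lines skipped). Apache matches
# directive names case-insensitively, so both lists are lower-cased.
used_directives() {
    awk 'NF && $1 !~ /^[#<]/ { d = tolower($1); if (d ~ /^authldap/) print d }' "$1" |
        sort -u
}

# Print every AuthLDAP* directive the config uses that the module source
# never registers. Arguments: module source file, config file.
unsupported_directives() {
    known=" $(registered_directives "$1" | tr '\n' ' ')"
    used_directives "$2" | while read -r d; do
        case "$known" in
            *" $d "*) ;;
            *) echo "$d" ;;
        esac
    done
}

# Constructed inputs: a command-table excerpt using names from the grep
# output above, and a .htaccess with placeholder host and DNs.
sample_dir=$(mktemp -d)
cat > "$sample_dir/mod_auth_ldap.c" <<'EOF'
    { "AuthLDAPHosts", ap_set_string_slot,
    { "AuthLDAPBindDN", ap_set_string_slot,
    { "AuthLDAPBaseDN", ap_set_string_slot,
    { "AuthLDAPUserKey", ap_set_string_slot,
    "The password corresponding to AuthLDAPBindDN" },
EOF
cat > "$sample_dir/htaccess" <<'EOF'
# constructed example
AuthType Basic
AuthLDAPUrl ldap://ldap.example.org/ou=people,dc=example,dc=org?uid
authldapbasedn "ou=people,dc=example,dc=org"
require valid-user
EOF

unsupported_directives "$sample_dir/mod_auth_ldap.c" "$sample_dir/htaccess"
```

Unlike a plain "grep -i AuthLDAP *", the sed pattern only accepts command-table entries, so a directive name that merely appears inside a help string is not counted as registered.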