我试图build立一个也代理LDAP基本身份validation的Apache代理:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ ProxyPreserveHost On ProxyRequests Off AllowEncodedSlashes NoDecode RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" <Location /> AuthType Basic AuthName "LDAP Login for access" AuthBasicProvider ldap AuthLDAPBindDN USER@DOMAIN AuthLDAPBindPassword PASSWORD AuthLDAPURL ldaps://FQDN:636/CN=..,OU=..?uid?sub Require valid-user </Location> ProxyPass在没有AuthType Basic部分的情况下工作,但是,如果合并,BasicAuth会要求input凭据,然后服务器会抛出一个500错误,而不会在他的error.log
我错过了什么?
这个configuration为我工作:
<Location /> AuthType Basic AuthName "LDAP Login" AuthBasicProvider ldap AuthLDAPBindDN USER@DOMAIN AuthLDAPBindPassword PASSWORD AuthLDAPURL ldap://IP:PORT/OU=...,DC=...,DC=...,DC=intern?uid?sub Require ldap-group CN=...,OU=...,OU=...,OU=...,DC=...,DC=...,DC=intern Require valid-user </Location> ProxyPass / http://localhost:8080/ nocanon ProxyPassReverse / http://localhost:8080/ ProxyPreserveHost On ProxyRequests Off AllowEncodedSlashes NoDecode RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443"
看来命令的顺序是相关的。