我想在网页上进行LDAP身份validation。
在CentOS服务器上.htaccess看起来像这样
Order deny,allow Deny from All AuthName "Only members" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPUrl ldaps://nms.example.com/dc=ldap,dc=example,dc=com?uid AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=example,ou=group,dc=ldap,dc=example,dc=com Satisfy any
和新的Ubuntu服务器上的Apacheconfiguration看起来像这样
<IfModule mod_ssl.c> <VirtualHost 123.123.123.123:443> ServerAdmin webmaster@localhost ServerName example.com:443 DocumentRoot /var/www/example.com <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/examle.com Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/example.com-error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/ssl/certs/example_com.cer SSLCertificateKeyFile /etc/ssl/private/example_com.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
但是,当我在SSL / HTTPS工作的新的Ubuntu服务器上放置相同的.htaccess文件时,不会出现validation框。
日志文件不会注册任何错误。
任何人都可以看到什么可能会丢失/错误?
您需要更改configuration中的AllowOverride行以允许在htaccess文件中进行身份validation,例如:
AllowOverride AuthConfig
一条线如:
AllowOverride None
将阻止在htaccess文件中执行authentication指令。
这是我有一个工作的configuration,但我需要从我的searchpath任何有效的LDAP用户;
Order deny,allow Deny from All AllowOverride AuthConfig AuthName "Vostron Staff Only" AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap://auth01.int.vostron.net:389/dc=int,dc=vostron,dc=net" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDn off Require valid-user Satisfy any
此外,不要忘记启用ldap.load和authnz_ldap.load