我有一个虚拟主机,我正在尝试使用LDAP身份validation。 我的configuration如下所示:
<VirtualHost 0.0.0.0:80> DocumentRoot "/var/www/root/" ServerName myServerName ServerAlias http://myServerName.com/ LogLevel debug ErrorLog "/var/log/apache2/svn_error_log" CustomLog "/var/log/apache2/svn_access_log" common <Directory "/var/www/root/"> Allow from all DirectoryIndex index.php </Directory> <Location "/"> AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthName "Auth" AuthLDAPURL "myLDAPURL" AuthLDAPBindDN "myLDAPBindDN" AuthLDAPBindPassword my-safe-password Require ldap-group OU=Users,OU=A,DC=B,DC=C,DC=D </Location> </VirtualHost> 当我尝试login时,它会拒绝我的身份validation并在日志中声明:
auth_ldap authenticate: using URL myLDAPURL auth_ldap authenticate: accepting username auth_ldap authorise: require group: testing for group membership in "OU=Users,OU=A,DC=B,DC=C,DC=D" auth_ldap authorise: require group: testing for member: CN=username,OU=Users,OU=A,DC=B,DC=C,DC=D (OU=Users,OU=A,DC=B,DC=C,DC=D) auth_ldap authorise: require group "OU=Users,OU=A,DC=B,DC=C,DC=D": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute] auth_ldap authorise: require group: testing for uniquemember: CN=username,OU=Users,OU=A,DC=B,DC=C,DC=D (OU=Users,OU=A,DC=B,DC=C,DC=D) auth_ldap authorise: require group "OU=Users,OU=A,DC=B,DC=C,DC=D": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute] auth_ldap authorise: declining to authorise (not authoritative) access to / failed, reason: require directives present and no Authoritative handler.
我在这里做错了什么?
我尝试了AuthzLDAPAuthoritative On与相同的结果。 另外我敢肯定,LDAP工作正常,因为当我只Require valid-user而不是一个LDAP组,它工作正常。
您是否应该使用Require ldap-group而不是Require group ?
另外,如果组成员由LDAP组的uniquemember属性的值标识,那么您需要添加AuthLDAPGroupAttribute uniquemember 。