Antw: require edir-user doesn't work
| Dirk Heimann 2005-05-20, 7:45 am |
Hi Van,
do you see anything in the dstrace screen with the option +LDAP?
If not, you must create an LDAP Proxy User and associate it with the LDAPServer Object. Look at TIDs 10062428 and 10084506.
If you do not have a flat tree, add the following line at the top of the http.conf file: eDirCacheTimeout 0
All users must have filesystem read rights from their DocumentRoot
regards
Dirk
Has anyone ever gotten the "require edir-user" directive to work? I've
looked in the TIDs, newsgroups, and general Google search and have found
lots of reports of problems, but no solutions.
I'm trying to secure a directory using file system permissions. The
server is running NW 6.5 SP2, Apache 2.0.52, and mod_edir 1.0.8 (was
initially 1.0.7, but was upgraded in the troubleshooting process). I
have verified that mod_edir is loaded and is being loaded by this
particular instance of Apache. Utilldap and authldap are also loaded;
their version is listed as 2.00.52.
The server Apache is running on is also the eDirectory server. User
home directories are configured and working fine. I have tried switching
between ldaps and ldap with no joy. It also doesn't matter whether
searching on UID or CN. I've also tried changing the AuthLDAPAuthoritative
directive and setting AuthLDAPDereferenceAliases to never.
When someone with the proper permissions tries to hit the secured
folder, they are prompted to login 3 times and then receive a 401 error.
The Apache error log shows this repeated 3 times:
[Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] access to /ejc
failed, reason: user FRED not allowed access
[Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] access to /ejc
failed, reason: unknown require directive:"edir-user"
[Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] failed to set
the current working directory for cn=FRED.ou=users.o=law error: 9
The directory's configuration is as follows:
<Directory DATA:/Shared/LawClinic/EJCWeb>
Options MultiViews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "EJC Web"
Require edir-user
AuthLDAPAuthoritative Off
AuthLDAPURL ldaps://server.domain.edu/ou=users,o=law?uid?sub
</Directory>
<IfModule mod_edir.c>
eDirServer server.domain.edu
hDirUserSubDirectory public_html
RemoteDirEnabled off
HomeDirEnabled On
hDirSearchContexts ou=users,o=law
</IfModule>
<IfModule mod_auth_ldap.c>
AuthLDAPCharsetConfig conf/charset.conv
</IfModule>
Any help or suggestions would be greatly appreciated.
Thanks,
Dan Vander Ploeg
University of Illinois College of Law
| Dan Van 2005-05-20, 5:45 pm |
This is what I get on the trace:
14:08:45 6D9F6220 FFFFFFFF LDAP: DoBind on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Treating simple bind with empty DN and
no password as anonymous
14:08:45 6D9F6220 FFFFFFFF LDAP: Bind name:NULL, version:3,
authentication:simple
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to
connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: DoSearch on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Search request:
base: "ou=users,o=law"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=*)(uid=danvan))"
attribute: "uid"
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending search result entry
"cn=fred,ou=users,o=law" to connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to
connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: DoBind on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Bind name:cn=fred,ou=users,o=law,
version:3, authentication:simple
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to
connection 0x66491000
-Dan
Dirk Heimann wrote:
> Hi Van,
> do you see anything in the dstrace screen with the option +LDAP?
> If not, you must create an LDAP Proxy User and associate it with the LDAPServer Object. Look at TIDs 10062428 and 10084506.
> If you do not have a flat tree, add the following line at the top of the http.conf file: eDirCacheTimeout 0
> All users must have filesystem read rights from their DocumentRoot
>
> regards
> Dirk
>
>
>
> Has anyone ever gotten the "require edir-user" directive to work? I've
> looked in the TIDs, newsgroups, and general Google search and have found
> lots of reports of problems, but no solutions.
>
> I'm trying to secure a directory using file system permissions. The
> server is running NW 6.5 SP2, Apache 2.0.52, and mod_edir 1.0.8 (was
> initially 1.0.7, but was upgraded in the troubleshooting process). I
> have verified that mod_edir is loaded and is being loaded by this
> particular instance of Apache. Utilldap and authldap are also loaded;
> their version is listed as 2.00.52.
>
> The server Apache is running on is also the eDirectory server. User
> home directories are configured and working fine. I have tried switching
> between ldaps and ldap with no joy. It also doesn't matter whether
> searching on UID or CN. I've also tried changing the AuthLDAPAuthoritative
> directive and setting AuthLDAPDereferenceAliases to never.
>
> When someone with the proper permissions tries to hit the secured
> folder, they are prompted to login 3 times and then receive a 401 error.
> The Apache error log shows this repeated 3 times:
>
> [Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] access to /ejc
> failed, reason: user FRED not allowed access
> [Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] access to /ejc
> failed, reason: unknown require directive:"edir-user"
> [Thu May 19 09:49:32 2005] [error] [client XX.XX.XX.XX] failed to set
> the current working directory for cn=FRED.ou=users.o=law error: 9
>
> The directory's configuration is as follows:
>
> <Directory DATA:/Shared/LawClinic/EJCWeb>
> Options MultiViews
> AllowOverride None
> Order deny,allow
> Allow from all
> AuthType Basic
> AuthName "EJC Web"
> Require edir-user
> AuthLDAPAuthoritative Off
> AuthLDAPURL ldaps://server.domain.edu/ou=users,o=law?uid?sub
> </Directory>
>
> <IfModule mod_edir.c>
> eDirServer server.domain.edu
> hDirUserSubDirectory public_html
> RemoteDirEnabled off
> HomeDirEnabled On
> hDirSearchContexts ou=users,o=law
> </IfModule>
>
> <IfModule mod_auth_ldap.c>
> AuthLDAPCharsetConfig conf/charset.conv
> </IfModule>
>
> Any help or suggestions would be greatly appreciated.
>
> Thanks,
>
> Dan Vander Ploeg
> University of Illinois College of Law
>
>
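
An added example, not part of the original thread: a small parser for the `+LDAP` dstrace output posted above. It groups the lines into bind and search operations and checks whether the final user bind returned LDAP result code 0 (success). The sample is the posted trace with wrapped lines rejoined, and the function names are hypothetical.

```python
import re

# Constructed sample: lines from the trace posted in this thread, rejoined.
TRACE = '''\
14:08:45 6D9F6220 FFFFFFFF LDAP: DoBind on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Bind name:NULL, version:3, authentication:simple
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: DoSearch on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending search result entry "cn=fred,ou=users,o=law" to connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: DoBind on connection 0x66491000
14:08:45 6D9F6220 FFFFFFFF LDAP: Bind name:cn=fred,ou=users,o=law, version:3, authentication:simple
14:08:45 6D9F6220 FFFFFFFF LDAP: Sending operation result 0:"":"" to connection 0x66491000
'''

LINE = re.compile(r"^\S+ \S+ \S+ LDAP: (.*)$")
OP = re.compile(r"^Do(Bind|Search) on connection (0x[0-9A-Fa-f]+)")
BIND_NAME = re.compile(r"^Bind name:(.*), version:\d+, authentication:(\w+)")
ENTRY = re.compile(r'^Sending search result entry "([^"]*)"')
RESULT = re.compile(r"^Sending operation result (\d+):")

def parse_ldap_trace(text):
    """Group trace lines into operations: each DoBind/DoSearch up to its result."""
    ops, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # untimestamped detail lines (base:, filter:, ...) are skipped
        msg = m.group(1)
        if (o := OP.match(msg)):
            cur = {"op": o.group(1).lower(), "conn": o.group(2), "dn": None, "entries": [], "result": None}
            ops.append(cur)
        elif cur is None:
            continue
        elif (b := BIND_NAME.match(msg)):
            cur["dn"] = None if b.group(1) == "NULL" else b.group(1)  # NULL = anonymous
        elif (e := ENTRY.match(msg)):
            cur["entries"].append(e.group(1))
        elif (r := RESULT.match(msg)):
            cur["result"] = int(r.group(1))
            cur = None  # operation finished
    return ops

def authentication_ok(ops):
    """True when the last named bind targets a DN an earlier search returned and got result 0."""
    found = {dn.lower() for op in ops if op["op"] == "search" for dn in op["entries"]}
    binds = [op for op in ops if op["op"] == "bind" and op["dn"]]
    return bool(binds) and binds[-1]["dn"].lower() in found and binds[-1]["result"] == 0
```

When `authentication_ok` returns true for a trace like this one, the directory accepted the user's credentials, which narrows troubleshooting to what happens after the bind, such as the `Require` handling named in the Apache error log.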