Bug#400681: apache2.2-common: foo
Package: apache2.2-common
Version: 2.2.3-3.1
Severity: normal
Subject: apache2.2-common: mod_authn_alias does not play well with mod_authnz_ldap
Package: apache2.2-common
Version: 2.2.3-3.1
Severity: normal
The AuthnProviderAlias directive provided by mod_authn_alias does not
play well with LDAP authorization (provided by mod_authnz_ldap.)
Specifically, using AuthnProviderAlias with LDAP breaks the require
directives ldap-user and ldap-group. By way of example, consider the
following:
<AuthnProviderAlias ldap ldap-alias>
AuthLDAPURL ldap://fdqn/dc=foo,dc=bar?uid??
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
</AuthnProviderAlias>
<Location /foo>
AuthBasicProvider ldap-alias
AuthType Basic
AuthName "auth via AuthnProvideAlias"
require ldap-user baz
</Location>
<Location /bar>
AuthBasicProvider ldap
AuthLDAPURL ldap://fdqn/dc=foo,dc=bar?uid??
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
AuthType Basic
AuthName "direct auth"
require ldap-user baz
</Location>
In both cases LDAP authentication works. However, authorization at /foo does
not and gives an error like:
access to /foo failed, reason: require directives present and no Authoritative handler.
Authorization to /bar does work.
As a side note, rrequire valid-user will work in either case.
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.3-3.1 utility programs for webservers
ii libmagic1 4.17-4 File type determination library us
ii lsb-base 3.1-15 Linux Standard Base 3.1 init scrip
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-17 The NET-3 networking toolkit
apache2.2-common recommends no packages.
-- no debconf information
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.3-3.1 utility programs for webservers
ii libmagic1 4.17-4 File type determination library us
ii lsb-base 3.1-15 Linux Standard Base 3.1 init scrip
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-17 The NET-3 networking toolkit
apache2.2-common recommends no packages.
-- no debconf information
Reply to: