Bug#400681: apache2.2-common: foo

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#400681: apache2.2-common: foo
From: Joey O'Doherty <joey@odoherty.net>
Date: Mon, 27 Nov 2006 18:23:25 -0500
Message-id: <[🔎] 20061127232325.15186.98695.reportbug@megatron.plik.net>
Reply-to: Joey O'Doherty <joey@odoherty.net>, 400681@bugs.debian.org

Package: apache2.2-common
Version: 2.2.3-3.1
Severity: normal


Subject: apache2.2-common: mod_authn_alias does not play well with mod_authnz_ldap
Package: apache2.2-common
Version: 2.2.3-3.1
Severity: normal

The AuthnProviderAlias directive provided by mod_authn_alias does not
play well with LDAP authorization (provided by mod_authnz_ldap.)
Specifically, using AuthnProviderAlias with LDAP breaks the require
directives ldap-user and ldap-group. By way of example, consider the
following:

<AuthnProviderAlias ldap ldap-alias>
  AuthLDAPURL ldap://fdqn/dc=foo,dc=bar?uid??
  AuthLDAPGroupAttributeIsDN off
  AuthLDAPGroupAttribute memberUid
</AuthnProviderAlias>

<Location /foo>
  AuthBasicProvider ldap-alias
  AuthType Basic
  AuthName "auth via AuthnProvideAlias"
  require ldap-user baz
</Location>

<Location /bar>
  AuthBasicProvider ldap
  AuthLDAPURL ldap://fdqn/dc=foo,dc=bar?uid??
  AuthLDAPGroupAttributeIsDN off
  AuthLDAPGroupAttribute memberUid  
  AuthType Basic
  AuthName "direct auth"
  require ldap-user baz
</Location>

In both cases LDAP authentication works. However, authorization at /foo does
not and gives an error like:

access to /foo failed, reason: require directives present and no Authoritative handler.

Authorization to /bar does work.

As a side note, rrequire valid-user will work in either case.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2.2-common depends on:
ii  apache2-utils                 2.2.3-3.1  utility programs for webservers
ii  libmagic1                     4.17-4     File type determination library us
ii  lsb-base                      3.1-15     Linux Standard Base 3.1 init scrip
ii  mime-support                  3.37-1     MIME files 'mime.types' & 'mailcap
ii  net-tools                     1.60-17    The NET-3 networking toolkit

apache2.2-common recommends no packages.

-- no debconf information

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages apache2.2-common depends on:
ii  apache2-utils                 2.2.3-3.1  utility programs for webservers
ii  libmagic1                     4.17-4     File type determination library us
ii  lsb-base                      3.1-15     Linux Standard Base 3.1 init scrip
ii  mime-support                  3.37-1     MIME files 'mime.types' & 'mailcap
ii  net-tools                     1.60-17    The NET-3 networking toolkit

apache2.2-common recommends no packages.

-- no debconf information

Reply to:

Prev by Date: Bug#399776: apache2: Apache 2.2 spawns lots of processes and freeze the box
Next by Date: Processed: your mail
Previous by thread: Bug#399808: solved after php5 stuff updated to 5.2.0-7
Next by thread: Bug#400881: please include Apache Module mod_authz_dbd from trunk
Index(es):
- Date
- Thread