[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#619408: marked as done (apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default)

Your message dated Tue, 09 Jul 2013 11:47:57 +0000
with message-id <E1UwWOj-0005qJ-57@franck.debian.org>
and subject line Bug#619408: fixed in libapache2-mod-auth-plain 2.0.52
has caused the Debian Bug report #619408,
regarding apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

619408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619408
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: apache2.2-common
Version: 2.2.16-6
Severity: normal

In the default configuration mod_authnz_ldap.load is symlinked from
mods-available to mods-enabled but that orders it (lexicographically)
after the symlink to load mod_authnz_default.  This causes a number of
ldap specific arguments to the Require definition to be unrecognized and
logged as follows:

[Wed Mar 23 11:04:48 2011] [error] [client] access to /auth failed, reason: unknown require directive:"ldap-user bpktest bpkroth"
[Wed Mar 23 11:04:48 2011] [error] [client] access to /auth failed, reason: unknown require directive:"ldap-group cn=bpk-test,ou=Group,o=ORG"
[Wed Mar 23 11:04:48 2011] [error] [client] access to /auth failed, reason: unknown require directive:"ldap-attribute myacl=unix"
[Wed Mar 23 11:04:48 2011] [error] [client] access to /auth failed, reason: user bpktest not allowed access

The relevant tidbits from my .htaccess file are as follows:

# Allow authenticated access
AuthType Basic
AuthName "Restricted Access"

AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldapauth.mydomain.com:389/ou=People,o=ORG?uid"; STARTTLS

AuthLDAPRemoteUserIsDN Off
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off

Require ldap-user bpktest bpkroth
Require ldap-group cn=bpk-test,ou=Group,o=ORG
Require ldap-attribute myacl=unix

Adding another symlink to mod_authnz_ldap.load in mods-enabled as
01-mod_authnz_ldap.load corrects this behavior, albeit with a warning
message on startup (probably avoidable with an if statement around the

Let me know if you need anything else.


-- Package-specific info:
List of /etc/apache2/mods-enabled/*.load:
  01-authnz_ldap alias auth_basic auth_kerb auth_pam auth_plain
  auth_sys_group authn_file authnz_ldap authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env include info
  ldap mime mod-security negotiation php5 reqtimeout rewrite rpaf
  setenvif ssl status unique_id vhost_alias wsgi
List of enabled php5 extensions:
  adodb apc curl ffmpeg gd geoip gmp idn imagick interbase lasso ldap
  mcrypt memcache ming mssql mysql mysqli odbc pam_auth pdo pdo_dblib
  pdo_mysql pdo_odbc pdo_pgsql pdo_sqlite pgsql ps pspell radius
  recode redland sasl snmp sqlite sqlite3 ssh2 suhosin tidy uuid
  xmlrpc xsl

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils           2.2.16-6         utility programs for webservers
ii  apache2.2-bin           2.2.16-6         Apache HTTP Server common binary f
ii  libmagic1               5.04-5           File type determination library us
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  mime-support            3.48-1           MIME files 'mime.types' & 'mailcap
ii  perl                    5.10.1-17        Larry Wall's Practical Extraction 
ii  procps                  1:3.2.8-9        /proc file system utilities

Versions of packages apache2.2-common recommends:
pn  ssl-cert                      <none>     (no description available)

Versions of packages apache2.2-common suggests:
pn  apache2-doc                 <none>       (no description available)
pn  apache2-suexec | apache2-su <none>       (no description available)
ii  lynx-cur [www-browser]      2.8.8dev.5-1 Text-mode WWW Browser with NLS sup

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event             <none>     (no description available)
pn  apache2-mpm-itk               <none>     (no description available)
ii  apache2-mpm-prefork           2.2.16-6   Apache HTTP Server - traditional n
pn  apache2-mpm-worker            <none>     (no description available)

-- Configuration Files:
/etc/apache2/mods-available/authnz_ldap.load changed:
# NOTE: This must be loaded before mod_authnz_default to avoid messages like this:
# unknown require directive:"ldap-attribute myacl=unix"
# 2011-03-23
# bpkroth

# Depends: ldap
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: libapache2-mod-auth-plain
Source-Version: 2.0.52

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-auth-plain, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Colin Watson <cjwatson@debian.org> (supplier of updated libapache2-mod-auth-plain package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA256

Format: 1.8
Date: Mon, 08 Jul 2013 18:36:49 +0100
Source: libapache2-mod-auth-plain
Binary: libapache2-mod-auth-plain
Architecture: source i386
Version: 2.0.52
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
 libapache2-mod-auth-plain - Module for Apache2 which provides plaintext authentication
Closes: 619408 666838
 libapache2-mod-auth-plain (2.0.52) unstable; urgency=low
   * QA upload.
   * Port to the Apache 2.2 authentication provider interface (closes:
   * Port to Apache 2.4 (closes: #666838).
 5137951c5b1f1e74f0ca1f79eec677b304180de9 1584 libapache2-mod-auth-plain_2.0.52.dsc
 8d50efb9e20121dd1a73ce9b1edc7faf9ce281c6 9574 libapache2-mod-auth-plain_2.0.52.tar.gz
 9498b52250f38fdabf838f93c1f8af99095e3832 9428 libapache2-mod-auth-plain_2.0.52_i386.deb
 fb0dc9631f4e0115a0c8e3159dbafdb5bc687ba8f52e49b8348ff5345bb528f9 1584 libapache2-mod-auth-plain_2.0.52.dsc
 9a76d98e56e013bb5fcce9566b1702adbae6c4dd8acb6551a6da8ad2c14558a6 9574 libapache2-mod-auth-plain_2.0.52.tar.gz
 904641a865dc8d42a08057c17241c078233b0c91cebb10d520a7e92881cb79e2 9428 libapache2-mod-auth-plain_2.0.52_i386.deb
 586786a7226ccdfde547165ee60c6085 1584 web extra libapache2-mod-auth-plain_2.0.52.dsc
 4661caf1f25b86a099d4b0edcd783a45 9574 web extra libapache2-mod-auth-plain_2.0.52.tar.gz
 0f1b64f9c6410c3d40787af335a7f73d 9428 web extra libapache2-mod-auth-plain_2.0.52_i386.deb

Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer


--- End Message ---

Reply to: