apache2 ldap group auth does not work anymore after upgrading to gutsy

Bug #195571 reported by LGB [Gábor Lénárt]
Affects: apache2 (Ubuntu)
Status: Won't Fix
Importance: Undecided
Assigned to: Unassigned

Bug Description

After upgrading a (32 bit server) to gutsy, apache group auth does not work anymore EVEN after modifying (so, yes, I know I should modify ldap auth related parts of my configuration files) the configuration based on documentation from the apache2 site:

AuthBasicProvider ldap
AuthType basic
AuthName "Access point"
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute uniquemember
AuthzLDAPAuthoritative on
AuthLDAPURL ldap://localhost/ou=users,dc=somewhere,dc=net?uid
Require ldap-group cn=The Group, ou=groups, dc=somewhere,dc=net

This works, I mean apache webserver starts, but when I try to authenticate myself that did not work and I got this in error.log:

[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: unknown require directive:"ldap-group cn=The Group, ou=groups, dc=somewhere, dc=net"
[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: user lgb not allowed access

As you can see I've got 'unknown require directive:"ldap-group ....' which is strange since according to the documentation this IS the format I should use in case of apache2.2. So I'm totally confused now.

Version of apache2, apache2.2-common, apache2-utils and apache2-mpm-prefork package are 2.2.4-3ubuntu0.1

Chuck Short (zulcss) wrote :

Can you attach the complete error message and the output of ls /etc/apache2/mods-enabled?

Thanks
chuck

Changed in apache2:
status: New → Incomplete
LGB [Gábor Lénárt] (lgb) wrote :

The error message was complete as I wrote it before.

Content of directory /etc/apache2/mods-enabled is:

alias.conf authz_host.load dir.conf perl.load
alias.load authz_user.load dir.load php5.conf
auth_basic.load autoindex.conf disk_cache.conf php5.load
authn_alias.load autoindex.load disk_cache.load proxy_http.load
authn_anon.load cache.load env.load proxy.load
authn_default.load cgi.load ldap.load rewrite.load
authn_file.load dav_fs.conf mime.conf setenvif.conf
authnz_ldap.load dav_fs.load mime.load setenvif.load
auth_plain.load dav.load negotiation.conf status.conf
authz_default.load dav_svn.conf negotiation.load status.load
authz_groupfile.load dav_svn.load perl.conf vhost_alias.load

LGB [Gábor Lénárt] (lgb) wrote :

Please ask if you need further information but the error log was complete, I don't know why status can be incomplete here about this report. After upgrading the old LDAP options did not work of course, and apache2 did not even want to run because of the unknown options caused by the renamed/etc options. So I read the documentation and modified my configuration. Please note that now apache starts and _NO_ error at the console or in the apache error.log. If I try to access a "protected" URL, and give a non-existent user (or an existent one but with bad password just for the test) everything "works" I mean as expected. However if I enter valid username AND password then (and only then!) the

[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: unknown require directive:"ldap-group cn=The Group, ou=groups, dc=somewhere, dc=net"
[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: user lgb not allowed access

lines will be logged in error.log! Not before or after. So I think this is some kind of problem with interpreting the "require" configuration directive with ldap group authentication.

Hope this helped to clear my problem, if not, please comment! Thanks!
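
Added example, not part of the original report or of any commenter's code: a Python log check that pairs the "unknown require directive" entry quoted above with the denial that follows it, so denials caused by an unrecognised Require type can be told apart from ordinary ones. The sample log is constructed from the two lines in the report plus one made-up plain denial; the function and field names are hypothetical.

```python
import re

# Constructed sample: the two lines quoted in the report plus one made-up
# plain denial (no "unknown require directive" entry before it).
SAMPLE_LOG = '''\
[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: unknown require directive:"ldap-group cn=The Group, ou=groups, dc=somewhere, dc=net"
[Mon Feb 25 22:01:03 2008] [error] [client 127.0.0.1] access to /test/ failed, reason: user lgb not allowed access
[Mon Feb 25 22:05:40 2008] [error] [client 127.0.0.1] access to /other/ failed, reason: user lgb not allowed access
'''

# Line shape taken from the error.log excerpt in the report.
LINE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'access to (?P<uri>\S+) failed, reason: (?P<reason>.*)$')
UNKNOWN = re.compile(r'^unknown require directive:"(?P<directive>.*)"$')
DENIED = re.compile(r'^user (?P<user>\S+) not allowed access$')


def find_unhandled_requires(log_text):
    """Return denials that were preceded, for the same timestamp, client and
    URI, by an 'unknown require directive' entry."""
    # Assumption: both entries of one request carry the same one-second timestamp.
    pending = {}   # (ts, client, uri) -> directives logged as unknown
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an access-failure line in this format
        key = (m['ts'], m['client'], m['uri'])
        unknown = UNKNOWN.match(m['reason'])
        denied = DENIED.match(m['reason'])
        if unknown:
            pending.setdefault(key, []).append(unknown['directive'])
        elif denied:
            # pop() so a later, unrelated denial is not attributed to it
            for directive in pending.pop(key, []):
                findings.append({
                    'user': denied['user'],
                    'uri': m['uri'],
                    'require_type': (directive.split() or [''])[0],
                    'directive': directive,
                })
    return findings


if __name__ == '__main__':
    for f in find_unhandled_requires(SAMPLE_LOG):
        print('%(user)s denied on %(uri)s: Require type "%(require_type)s" '
              'was not recognised (%(directive)s)' % f)
```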

Chuck Short (zulcss) wrote :

Thanks for the bug report.

Changed in apache2:
status: Incomplete → Triaged
Chuck Short (zulcss) wrote :

Gutsy is no longer supported so there is no reason to keep this bug open.

chuck

Changed in apache2 (Ubuntu):
status: Triaged → Won't Fix