Require ldap-group on an Apache 2 vhost fails when trying to log in

I have a vhost that I want to use with LDAP authentication. My configuration looks like this:

```apache
<VirtualHost 0.0.0.0:80>
        DocumentRoot "/var/www/root/"
        ServerName myServerName
        ServerAlias http://myServerName.com/
        LogLevel debug
        ErrorLog "/var/log/apache2/svn_error_log"
        CustomLog "/var/log/apache2/svn_access_log" common

        <Directory "/var/www/root/">
                Allow from all
                DirectoryIndex index.php
        </Directory>

        <Location "/">
                AuthType Basic
                AuthBasicProvider ldap
                AuthzLDAPAuthoritative off
                AuthName "Auth"
                AuthLDAPURL "myLDAPURL"
                AuthLDAPBindDN "myLDAPBindDN"
                AuthLDAPBindPassword my-safe-password
                Require ldap-group OU=Users,OU=A,DC=B,DC=C,DC=D
        </Location>
</VirtualHost>
```

When I try to log in, it rejects my authentication and the log shows:

```text
auth_ldap authenticate: using URL myLDAPURL
auth_ldap authenticate: accepting username
auth_ldap authorise: require group: testing for group membership in "OU=Users,OU=A,DC=B,DC=C,DC=D"
auth_ldap authorise: require group: testing for member:  CN=username,OU=Users,OU=A,DC=B,DC=C,DC=D (OU=Users,OU=A,DC=B,DC=C,DC=D)
auth_ldap authorise: require group "OU=Users,OU=A,DC=B,DC=C,DC=D": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute]
auth_ldap authorise: require group: testing for uniquemember: CN=username,OU=Users,OU=A,DC=B,DC=C,DC=D (OU=Users,OU=A,DC=B,DC=C,DC=D)
auth_ldap authorise: require group "OU=Users,OU=A,DC=B,DC=C,DC=D": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute]
auth_ldap authorise: declining to authorise (not authoritative)
access to / failed, reason: require directives present and no Authoritative handler.
```

What am I doing wrong here?

I tried `AuthzLDAPAuthoritative On` with the same result. And I am sure LDAP itself works, because when I use only `Require valid-user` instead of `ldap-group`, it works fine.

Answer 1

Shouldn't you be using `Require ldap-group` rather than `Require group`?

Also, if group members are identified by the `uniquemember` attribute of the LDAP group, then you need to add `AuthLDAPGroupAttribute uniquemember`.
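As an added example (not from the question or the answer above), here is a `Location` block in the same Apache 2.2 style in which the `Require ldap-group` DN names an actual group object. The debug log in the question shows mod_authnz_ldap comparing the `member` and `uniquemember` attributes against the `OU=Users,...` entry; an organizational unit carries neither attribute, which is why every comparison ends in "No such attribute". The LDAP host, bind DN, attribute names and the `CN=web-users` group DN below are assumed placeholders.

```apache
<Location "/">
        AuthType Basic
        AuthName "Auth"
        AuthBasicProvider ldap

        # Assumed values: directory host, search base and login attribute.
        # The base DN restricts which user entries can authenticate at all;
        # "Require valid-user" alone would already limit logins to this OU.
        AuthLDAPURL "ldap://ldap.example.com/OU=Users,OU=A,DC=B,DC=C,DC=D?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN "CN=apache-bind,OU=Service,DC=B,DC=C,DC=D"
        AuthLDAPBindPassword "replace-me"

        # Group membership is tested by comparing the authenticated user's DN
        # against this attribute on the *group* entry, so the DN given to
        # "Require ldap-group" must be a group, not the OU the users live in.
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN on

        # Apache 2.2 only: fail closed instead of deferring to other
        # authorization modules. This directive was removed in 2.4.
        AuthzLDAPAuthoritative on

        Require ldap-group CN=web-users,OU=Groups,DC=B,DC=C,DC=D
</Location>
```

With `LogLevel debug` left on, a successful check logs `authorisation succeeded` for the group DN instead of the `No such attribute` lines shown in the question.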
