LDAP variables not visible in Windows Apache 2.4

While working on Windows Apache (2.4), I want to authenticate users against an LDAP server.

I have the following in httpd.conf:

<Directory "C:\Apache24\htdocs">
    LDAPReferrals Off
    AuthBasicProvider ldap
    AuthName "LDAP NAME"
    AuthType Basic
    AllowOverride None
    Options Indexes FollowSymLinks

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</Directory>

And I added the following to the .htaccess file in the correct folder:

AuthLDAPBindDN "CN=USER,CN=Users,DC=YY,DC=ZZZZZZZ,DC=QQQ"
AuthLDAPBindPassword "PASSWORD"
Require all denied
AuthLDAPUrl ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*)
Require valid-user
AuthLDAPRemoteUserAttribute sAMAccountName
AuthLDAPRemoteUserIsDN on

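When I visit the site I get a user prompt, and only after entering the correct credentials can I get into the site (entering wrong credentials gives a 401 - which is fine).

My problem is that I need to "check" who the user accessing the site is. I understand that LDAP should put the name of the user accessing the site into the environment variables under "REMOTE_USER" - but checking "set" in CMD, and checking os.environ (in Python - the server side is written in Python), shows nothing..

Edit:

The current httpd.conf file is: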

<Directory "C:\Apache24\htdocs">
    LDAPReferrals Off
    AuthBasicProvider ldap
    AuthName "LDAP NAME"
    AuthType Basic
    AllowOverride AuthConfig
    Options Indexes FollowSymLinks

    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</Directory>

The current .htaccess file is:

AuthLDAPBindDN "CN=USER,CN=Users,DC=YY,DC=ZZZZZZZ,DC=QQQ"
AuthLDAPBindPassword "PASSWORD"
Require all denied
AuthLDAPUrl ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*)
Require valid-user

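I have turned on Apache debug logging and I see the relevant log below - it shows that it did "accept" my username... but I still cannot "get" it from the environment variables...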

Tue Jul 04 14:28:44.088576 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of Require all denied: denied
Tue Jul 04 14:28:44.089582 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of Require valid-user : granted
Tue Jul 04 14:28:44.089582 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of <RequireAny>: granted
Tue Jul 04 14:28:44.558595 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all granted: granted, referer: http://domain
Tue Jul 04 14:28:44.558595 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: granted, referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all denied: denied, referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authnz_ldap:debug] [pid PID1:tid TID2] mod_authnz_ldap.c(515): [client IP:PORT2] AH01691: auth_ldap authenticate: using URL ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*), refrer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authnz_ldap:debug] [pid PID1:tid TID2] mod_authnz_ldap.c(612): [client IP:PORT2] AH01697: auth_ldap authenticate: accepting **USERNAME**, referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all denied: denied, referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require valid-user : granted, referer: http://domain
Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: granted, referer: http://domain

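Any ideas? Thanks.

Answer 1

I managed to solve this.

I needed to access the WSGI environment variables. My application runs through Apache using falcon - so the correct variables are accessed through a middleware API class - falcon attaches these variables to the "env" dictionary in the Request class.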

class AuthMiddleware(object):
    def process_request(self, req, resp):
        # auth validation here: Falcon exposes the WSGI environ as req.env
        user = req.env.get('REMOTE_USER')

http://falcon.readthedocs.io/en/stable/user/quickstart.html
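
The answer above reads the authenticated user from the per-request WSGI environ rather than from `os.environ`. The same check as framework-independent WSGI middleware follows, as an added example that is not part of the original answer and goes beyond the Falcon case. It assumes Apache hands requests to the app through mod_wsgi; `RemoteUserMiddleware`, `demo_app`, `call` and the `app.remote_user` key are hypothetical names, and the environs are constructed.

```python
import os
from wsgiref.util import setup_testing_defaults


class RemoteUserMiddleware:
    """Hypothetical WSGI middleware: trust only the server-set REMOTE_USER."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        # Apache sets REMOTE_USER (and AUTH_TYPE) per request after a successful
        # authentication; it never appears in os.environ of the server process.
        user = environ.get("REMOTE_USER", "").strip()
        auth_type = environ.get("AUTH_TYPE", "")
        # A client-sent "Remote-User:" header arrives as HTTP_REMOTE_USER and is
        # deliberately ignored: it is client-controlled input, not an identity.
        if not user or auth_type.lower() != "basic":
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        environ["app.remote_user"] = user  # hypothetical key for downstream code
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + environ["app.remote_user"]).encode("utf-8")]


def call(environ_overrides):
    """Run one constructed request through the middleware; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(environ_overrides)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(RemoteUserMiddleware(demo_app)(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    # Constructed environs, shaped like what mod_wsgi would pass for AuthType Basic.
    print(call({"REMOTE_USER": "jdoe", "AUTH_TYPE": "Basic"}))
    print(call({"HTTP_REMOTE_USER": "admin"}))
    print("REMOTE_USER" in os.environ)
```

In Falcon the same dictionary is available as `req.env` inside `process_request`.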
