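Thanks in advance!
I need help with an Apache configuration to log in through Active Directory.
I want to allow login if the user is a member of a group that is contained in another group.
Right now I have this: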
Alias /nagios /opt/nagios/share
<Directory "/opt/nagios/share">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Acceso restringido"
AuthBasicProvider ldap
AuthLDAPURL "ldap://server/DC=domain,DC=red?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN [email protected]
AuthLDAPBindPassword "xxxxxx"
Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red
</Directory>
Login fails. If I put: require valid-user, everything works.
[Mon May 21 13:36:05.060787 2018] [authnz_ldap:debug] [pid 9315] mod_authnz_ldap.c(966): [client 10.10.10.10:51069] AH01716: auth_ldap authorise: require group "CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red": failed [Comparison complete][34 - Invalid DN syntax], checking sub-groups
[Mon May 21 13:36:05.062229 2018] [authnz_ldap:debug] [pid 9315] mod_authnz_ldap.c(989): [client 10.10.10.10:51069] AH01718: auth_ldap authorise: require group (sub-group) "CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red": didn't match with attr DN failed group verification. [member][34 - Invalid DN syntax]
[Mon May 21 13:36:05.062250 2018] [authnz_ldap:debug] [pid 9315] mod_authnz_ldap.c(966): [client 10.10.10.10:51069] AH01716: auth_ldap authorise: require group "CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red": failed [DN failed group verification.][34 - Invalid DN syntax], checking sub-groups
[Mon May 21 13:36:05.063471 2018] [authnz_ldap:debug] [pid 9315] mod_authnz_ldap.c(989): [client 10.10.10.10:51069] AH01718: auth_ldap authorise: require group (sub-group) "CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red": didn't match with attr DN failed group verification. [uniqueMember][34 - Invalid DN syntax]
[Mon May 21 13:36:05.063481 2018] [authnz_ldap:debug] [pid 9315] mod_authnz_ldap.c(996): [client 10.10.10.10:51069] AH01720: auth_ldap authorize group: authorization denied for user ext-agumarjo to /nagios/
[Mon May 21 13:36:05.063486 2018] [authz_core:debug] [pid 9315] mod_authz_core.c(809): [client 10.10.10.10:51069] AH01626: authorization result of Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<domain>,DC=domain,DC=red: denied
[Mon May 21 13:36:05.063489 2018] [authz_core:debug] [pid 9315] mod_authz_core.c(809): [client 10.10.10.10:51069] AH01626: authorization result of <RequireAny>: denied
[Mon May 21 13:36:05.063492 2018] [authz_core:error] [pid 9315] [client 10.10.10.10:51069] AH01631: user ext-agumarjo: authorization failure for "/nagios/":
What am I doing wrong?
Thanks!
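Answer 1
It sounds like your DN syntax is incorrect. Your log shows you are using OU=<domain> in the DN; is that in your configuration file, or did you replace it before posting?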
Answer 2
Sorry!! I had already replaced it before posting....
Require ldap-group CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,OU=<JC>,DC=domain,DC=red
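The DN-syntax point raised in Answer 1 can be checked offline. This is an added example, not code from either poster: it tests a group DN against the RFC 4514 rule that `"`, `;`, `<` and `>` must be backslash-escaped inside an attribute value. It assumes the angle brackets in OU=<JC> are literally part of the OU name; the function names `check_dn` and `escape_value` are hypothetical.

```python
import re

# RFC 4514: these must be backslash-escaped inside an attribute value.
# ',' and '+' are separators and are handled by the splitting below.
MUST_ESCAPE = '";<>'

def split_unescaped(text, sep):
    """Split on sep, skipping any character that follows a backslash."""
    parts, start, i = [], 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    parts.append(text[start:])
    return parts

def check_dn(dn):
    """Return (component, problem) findings; an empty list means none found."""
    findings = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN parts
            attr, eq, value = ava.partition("=")
            if not eq or not attr:
                findings.append((ava, "not of the form type=value"))
                continue
            bare = re.sub(r"\\.", "", value)    # drop already-escaped chars
            bad = sorted({c for c in bare if c in MUST_ESCAPE})
            if bad:
                findings.append((ava, "unescaped " + " ".join(bad)))
            if value[:1] in (" ", "#") or (
                    value.endswith(" ") and not value.endswith("\\ ")):
                findings.append((ava, "leading space/# or trailing space"))
    return findings

def escape_value(value):
    """Backslash-escape RFC 4514 special characters in one attribute value."""
    return re.sub(r'([",+;<>\\])', r"\\\1", value)

if __name__ == "__main__":
    # DN copied from the Require ldap-group line in Answer 2.
    dn = ("CN=NAGIOS_EXP,OU=Groups,OU=Administracion Autonomica,"
          "OU=<JC>,DC=domain,DC=red")
    for component, problem in check_dn(dn):
        print(component, "->", problem, "| escaped value:",
              escape_value(component.partition("=")[2]))
```

How the escaped form has to be quoted inside the Apache Require line is not covered by this check.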