FreeBSD 11.3, apache 24; mod_ldap and mod_authz_ldap are loaded in http.conf.
This is the LDAP configuration in http.conf:
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPTrustedGlobalCert CA_BASE64 /usr/local/etc/CA.pem
LDAPTrustedMode SSL
<Directory />
AuthLDAPURL ldaps://ldap.jackyu.org/dc=jackyu,dc=org?uid
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
AuthLDAPBindDN cn=pamclient,ou=SystemAdmin,dc=jackyu,dc=org
AuthLDAPBindPassword xyz
AuthType basic
AuthName "Secure Access"
AuthBasicProvider ldap
require ldap-group cn=family,ou=group,dc=jackyu,dc=org
AllowOverride None
Order deny,allow
Deny from all
# AuthzLDAPAuthoritative on (this is removed in apache 24)
</Directory>
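With apache 22 this configuration works fine, but with apache 24, when a user tries to access the site, it shows Forbidden (a 403 error) without prompting the user with a login pop-up. The user never gets a chance to log in.
This apache 24 server can connect to the LDAP server from the shell to authenticate users. The problem is that apache 24 does not prompt the user to log in when they try to access the website.
Answer 1
Here is the configuration for apache 24: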
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPTrustedGlobalCert CA_BASE64 /usr/local/etc/CA.pem
LDAPTrustedMode SSL
<Directory />
AuthLDAPURL ldaps://ldap.jackyu.org/dc=jackyu,dc=org?uid
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
AuthLDAPBindDN cn=pamclient,ou=SystemAdmin,dc=jackyu,dc=org
AuthLDAPBindPassword xyz
AuthType basic
AuthName "Secure Access"
AuthBasicProvider ldap
Require ldap-group cn=family,ou=group,dc=jackyu,dc=org
AllowOverride None
# Order deny,allow (this is removed in apache 24)
# Deny from all (this is removed in apache 24)
# AuthzLDAPAuthoritative on (this is removed in apache 24)
</Directory>
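
A migration check for the change the answer makes, added here as an example and not part of the original post or of Apache: it walks a config and reports 2.2-style access directives (the `Order`, `Deny` and `AuthzLDAPAuthoritative` lines the answer comments out, plus `Allow` and `Satisfy` from the same legacy set) that sit in the same container as a `Require`. The function name and both sample configs are constructed for illustration.

```python
import re

# 2.2-style access directives. The answer comments out Order, Deny and
# AuthzLDAPAuthoritative; Allow and Satisfy belong to the same legacy set.
LEGACY = {"order", "allow", "deny", "satisfy", "authzldapauthoritative"}
OPEN = re.compile(r"<\s*([A-Za-z]+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*[A-Za-z]+\s*>")

def find_legacy_mix(conf_text):
    """Return (container, line_no, directive) for every legacy directive
    that shares a container with a Require directive."""
    stack = [{"name": "(server config)", "legacy": [], "require": False}]
    findings = []
    def close(section):
        if section["require"]:
            findings.extend((section["name"], n, d) for n, d in section["legacy"])

    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented-out directives are inert
        if CLOSE.match(line):
            if len(stack) > 1:
                close(stack.pop())
        elif (m := OPEN.match(line)):
            name = f"<{m.group(1)} {m.group(2).strip()}>"
            stack.append({"name": name, "legacy": [], "require": False})
        else:
            word = line.split()[0]
            if word.lower() == "require":
                stack[-1]["require"] = True
            elif word.lower() in LEGACY:
                stack[-1]["legacy"].append((line_no, word))
    while stack:                          # top level and any unclosed container
        close(stack.pop())
    return findings

# Constructed samples modelled on the question (BEFORE) and the answer (AFTER).
BEFORE = """<Directory />
AuthType basic
Require ldap-group cn=family,ou=group,dc=example,dc=org
Order deny,allow
Deny from all
</Directory>"""
AFTER = BEFORE.replace("Order", "# Order").replace("Deny", "# Deny")

if __name__ == "__main__":
    for hit in find_legacy_mix(BEFORE):
        print("legacy directive in %s at line %d: %s" % hit)
```
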