Limit access on Apache 2.4 to ldap group

Server Fault Asked by jakobbg on December 15, 2020

I’ve upgraded from Ubuntu 12.04 LTS to 14.04 LTS, and suddenly, my Apache 2.4 (previous: Apache 2.2) now lets everybody in to my virtual host, which is unfortunate :-).

What am I doing wrong? Anything with the Order/Allow lines? Any help is greatly appreciated!

Here’s my current config:

<VirtualHost *:443>
    DavLockDB /etc/apache2/var/DavLock
    ServerAdmin [email protected]
    ServerName foo.mydomain.com
    DocumentRoot /srv/www/foo

    Include ssl-vhosts.conf

    <Directory /srv/www/foo>
            Order allow,deny
            Allow from all

            Dav On

            Options FollowSymLinks Indexes
            AllowOverride None
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Domain foo"
            AuthLDAPURL "ldap://localhost:389/dc=mydomain,dc=com?uid" NONE
            AuthLDAPBindDN "cn=searchUser, dc=mydomain, dc=com"
            AuthLDAPBindPassword "ThisIsThePwd"
            require ldap-group cn=users,dc=mydomain,dc=com

            # Hide macOS .DS_Store files from clients
            <FilesMatch '^\.[Dd][Ss]_[Ss]'>
                    Order allow,deny
                    Deny from all
            </FilesMatch>

            # Hide files with ".db" in the name, such as Thumbs.db
            <FilesMatch '\.[Dd][Bb]'>
                    Order allow,deny
                    Deny from all
            </FilesMatch>
    </Directory>

    ErrorLog /var/log/apache2/error-foo.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access-foo.log combined

</VirtualHost>

One Answer

Foiled by Chrome cache, even though I was using Private Browsing. Weird.

Access log told me I was actually pre-authenticated. So when using a browser I never use (IE), it popped up with an authenticate dialog. And succeeded on binding to LDAP server. Nice.

Answered by jakobbg on December 15, 2020
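
The check the answer describes, reading the access log to see whether each request carried an authenticated user, as an added example that is not part of the original post. It assumes the vhost's `combined` log format; the function names, the user `alice` and the sample lines are constructed.

```python
import re
from collections import Counter

# Apache "combined" format: %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) ')

def classify(line):
    """Return (category, host, user, request), or None if the line does not parse."""
    m = COMBINED.match(line)
    if m is None:
        return None
    user, status = m["user"], int(m["status"])
    if status == 401:
        # %u may hold an unverified name on a 401, so never count it as a login.
        category = "challenged"
    elif status >= 400:
        category = "error"
    elif user in ("-", '""'):
        # Content served with no authenticated user: Require is not being enforced.
        category = "anonymous"
    else:
        # Served after a successful login, e.g. with credentials the browser cached.
        category = "authenticated"
    return category, m["host"], user, m["request"]

def audit(lines):
    """Count categories and list every request served without a user."""
    counts, exposed = Counter(), []
    for line in lines:
        category, host, _user, request = classify(line) or ("unparsed", None, None, None)
        counts[category] += 1
        if category == "anonymous":
            exposed.append((host, request))
    return counts, exposed

# Constructed sample lines, not taken from the original post.
SAMPLE = [
    '203.0.113.7 - - [15/Dec/2020:10:01:02 +0100] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0"',
    '203.0.113.7 - alice [15/Dec/2020:10:01:09 +0100] "PROPFIND /docs/ HTTP/1.1" 207 912 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [15/Dec/2020:10:05:44 +0100] "GET /report.pdf HTTP/1.1" 200 48211 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    counts, exposed = audit(SAMPLE)
    print(dict(counts))
    for host, request in exposed:
        print("served without authentication:", host, request)
```

An empty `exposed` list with only `authenticated` and `challenged` entries matches the situation in the answer: the directory is protected and the browser was replaying cached credentials.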
