AnswerBun.com

Limit access on Apache 2.4 to ldap group

Server Fault Asked by jakobbg on December 15, 2020

I’ve upgraded from Ubuntu 12.04 LTS to 14.04 LTS, and suddenly, my Apache 2.4 (previous: Apache 2.2) now lets everybody in to my virtual host, which is unfortunate :-).

What am I doing wrong? Anything with the Order/Allow lines? Any help is greatly appreciated!

Here’s my current config:

<VirtualHost *:443>
    DavLockDB /etc/apache2/var/DavLock
    ServerAdmin [email protected]
    ServerName foo.mydomain.com
    DocumentRoot /srv/www/foo

    Include ssl-vhosts.conf

    <Directory /srv/www/foo>
            Order allow,deny
            Allow from all

            Dav On

            Options FollowSymLinks Indexes
            AllowOverride None
            AuthBasicProvider ldap
            AuthType Basic
            AuthName "Domain foo"
            AuthLDAPURL "ldap://localhost:389/dc=mydomain,dc=com?uid" NONE
            AuthLDAPBindDN "cn=searchUser, dc=mydomain, dc=com"
            AuthLDAPBindPassword "ThisIsThePwd"
            require ldap-group cn=users,dc=mydomain,dc=com

            <FilesMatch '^.[Dd][Ss]_[Ss]'>
                    Order allow,deny
                    Deny from all
            </FilesMatch>

            <FilesMatch '.[Dd][Bb]'>
                    Order allow,deny
                    Deny from all
            </FilesMatch>
    </Directory>

    ErrorLog /var/log/apache2/error-foo.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access-foo.log combined

</VirtualHost>

One Answer

Foiled by Chrome cache, even though I was using Private Browsing. Weird.

The access log told me I was actually pre-authenticated. So when using a browser I never use (IE), it popped up with an authentication dialog and succeeded in binding to the LDAP server. Nice.

Answered by jakobbg on December 15, 2020
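The access-log check the answer describes, as an added example (not code from the question or the answer): it parses Apache combined-format lines such as those written to access-foo.log and separates responses served to an authenticated user from responses served with no user at all. The sample lines, the addresses and the user name jakob are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines; the last one is what a vhost that really
# "lets everybody in" would log: content served with no remote user.
SAMPLE = '''\
192.0.2.10 - - [15/Dec/2020:10:00:01 +0100] "GET / HTTP/1.1" 401 381 "-" "IE"
192.0.2.10 - jakob [15/Dec/2020:10:00:07 +0100] "GET / HTTP/1.1" 200 1024 "-" "IE"
192.0.2.11 - jakob [15/Dec/2020:10:01:00 +0100] "PROPFIND /docs HTTP/1.1" 207 512 "-" "Chrome"
192.0.2.12 - - [15/Dec/2020:10:02:00 +0100] "GET /notes.txt HTTP/1.1" 200 77 "-" "curl"
'''.splitlines()


def audit(lines):
    """Return (anonymous_requests, hits_per_user, challenge_count)."""
    anonymous, by_user, challenges = [], Counter(), 0
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line
        user, status = m["user"], int(m["status"])
        if status == 401:
            # Basic auth challenge; %u is unreliable on a 401, so only count it.
            challenges += 1
        elif status < 400 and user == "-":
            # Content served although no user authenticated: the real problem case.
            anonymous.append(m["request"])
        elif status < 400:
            # Served to an authenticated user, e.g. via credentials the browser cached.
            by_user[user] += 1
    return anonymous, by_user, challenges


if __name__ == "__main__":
    anonymous, by_user, challenges = audit(SAMPLE)
    print("401 challenges sent:", challenges)
    print("served per authenticated user:", dict(by_user))
    print("served without authentication:", anonymous)
```

An empty "served without authentication" list together with hits under a user name means the browser sent stored credentials, which is the situation the answer found.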
