Cannot use mod_authz_ldap for authorization along with mod_auth_kerb module.

Solution Unverified - Updated -

Issue

  • Set up Apache to use Kerberos for authentication and LDAP for authorisation. Apache can authenticate with Kerberos on its own, and LDAP with a username and password can both authenticate and authorise using the require ldap-group directive. However, LDAP authorisation does not work when Kerberos is used for authentication.

Kerberos authentication works (kerb_authenticate_user returns 0), but the LDAP authorization step fails with "User DN not found", as shown below.

[debug] proxy_util.c(1967): proxy: initialized single connection worker 0 in child 14541 for (*)
[debug] src/mod_auth_kerb.c(1432): [client 10.65.192.205] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[debug] src/mod_auth_kerb.c(1432): [client 10.65.192.205] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[debug] src/mod_auth_kerb.c(915): [client 10.65.192.205] Using HTTP/dhcp209-89.gsslab.pnq.redhat.com@GSSLAB.PNQ.REDHAT.COM as server principal for password verification
[debug] src/mod_auth_kerb.c(655): [client 10.65.192.205] Trying to get TGT for user redhat@GSSLAB.PNQ.REDHAT.COM
[debug] src/mod_auth_kerb.c(994): [client 10.65.192.205] kerb_authenticate_user_krb5pwd ret=0 user=redhat@GSSLAB.PNQ.REDHAT.COM authtype=Basic
[debug] mod_authnz_ldap.c(561): [client 10.65.192.205] ldap authorize: Creating LDAP req structure
[debug] mod_authnz_ldap.c(573): [client 10.65.192.205] auth_ldap authorise: User DN not found, User not found
[info] nss_hook_Auth
[error] [client 10.65.192.205] access to /ldap/ failed, reason: require directives present and no Authoritative handler.
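
To spot this pattern in a larger error_log, the following added example (not part of the original article or of Red Hat's solution) pairs each successful mod_auth_kerb authentication with a later mod_authnz_ldap authorization failure from the same client and reports the user name that was in effect. The names find_authz_failures and SAMPLE_LOG are hypothetical, and the regular expressions assume the debug message formats shown above.

```python
import re

# Lines copied from the debug log above, trimmed to the relevant ones.
SAMPLE_LOG = """\
[debug] src/mod_auth_kerb.c(1432): [client 10.65.192.205] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[debug] src/mod_auth_kerb.c(994): [client 10.65.192.205] kerb_authenticate_user_krb5pwd ret=0 user=redhat@GSSLAB.PNQ.REDHAT.COM authtype=Basic
[debug] mod_authnz_ldap.c(561): [client 10.65.192.205] ldap authorize: Creating LDAP req structure
[debug] mod_authnz_ldap.c(573): [client 10.65.192.205] auth_ldap authorise: User DN not found, User not found
[error] [client 10.65.192.205] access to /ldap/ failed, reason: require directives present and no Authoritative handler.
"""

# Successful Kerberos authentication (ret=0). Only the krb5pwd variant appears
# in the log above; matching other function suffixes is an assumption.
KRB_OK = re.compile(
    r"\[client (?P<client>\S+)\] kerb_authenticate_user_\w+ ret=0 "
    r"user=(?P<user>\S+) authtype=(?P<authtype>\S+)"
)
# Authorization failure reported by mod_authnz_ldap.
LDAP_FAIL = re.compile(
    r"mod_authnz_ldap\.c\(\d+\): \[client (?P<client>\S+)\] "
    r"auth_ldap authorise: (?P<reason>.+)$"
)

def find_authz_failures(log_text):
    """Return one record per LDAP authorization failure that follows a
    successful Kerberos authentication for the same client."""
    last_auth = {}  # client IP -> (user, authtype) from the latest ret=0 line
    findings = []
    for line in log_text.splitlines():
        m = KRB_OK.search(line)
        if m:
            last_auth[m["client"]] = (m["user"], m["authtype"])
            continue
        m = LDAP_FAIL.search(line)
        if m and m["client"] in last_auth:
            user, authtype = last_auth.pop(m["client"])
            local_part, _, realm = user.partition("@")
            findings.append({
                "client": m["client"], "user": user, "local_part": local_part,
                "realm": realm, "authtype": authtype, "reason": m["reason"],
            })
    return findings

if __name__ == "__main__":
    for f in find_authz_failures(SAMPLE_LOG):
        print("{client}: authenticated as {user} ({authtype}), "
              "LDAP authorization failed: {reason}".format(**f))
```

On the sample lines it reports that the name in effect when mod_authnz_ldap logged the failure was the full principal redhat@GSSLAB.PNQ.REDHAT.COM.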

Environment

  • Red Hat Enterprise Linux 5
  • httpd-2.2.3-31.el5_4.2
  • mod_authz_ldap-0.26-9.el5
