AuthnProviderAlias does not work w/ authnz_ldap
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Apache2 Web Server | Unknown | Unknown | | |
| apache2 (Ubuntu) | | Medium | Unassigned | |
Bug Description
Per: https:/
patch: http://
We have a production subversion server front-ended with apache2 using multiple ldap aliases for auth. This has all been running very stably for years on Lucid 10.04.
We have begun testing the move to migrate to svn 1.8 on 14.04 with the same configuration, adjusting where needed for the changes in apache 2.2 -> 2.4. Could not get ldap auth working and discovered the above.
summary:
- Need Patch applied to mod_authn_core for trusty apache2
+ AuthnProviderAlias does not work w/ authnz_ldap
Robie Basak (racb) wrote : | #2 |
> test case that has exact to reproduce
That has exact steps, that is.
P. Dunbar (vigilcode) wrote : | #3 |
Well my env has active directory but let me take a look at openldap see how hard it would be to setup in some basic fashion.
Launchpad Janitor (janitor) wrote : | #4 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in apache2 (Ubuntu): | |
status: | New → Confirmed |
We have upgraded our server from 10.04 to 14.04 and now we have just the same issue. To be more precise, this does not work with VHOSTs.
Our server is using LDAP authentication provided by two domain controllers which belong to different domains. Our scheme is:
AuthnProviderAlias ldap ldapdom1
AuthnProviderAlias ldap ldapdom2
<VirtualHost *:443>
...
Authtype Basic
AuthBasicProvider ldapdom1 ldapdom2
...
</VirtualHost>
Just like here: https:/
Since upgrade it is not possible to do multiple domain authentication with vhosts anymore.
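The scheme from the comment above, written out in full for Apache 2.4 as an added example (not part of the original thread or of the Ubuntu package). Hostnames, base DNs, the bind account and the password are placeholders, and the certificate paths are Ubuntu's self-signed test certificate:

```apache
# Added example. ldapdom1/ldapdom2 are the alias names used in the thread;
# every hostname, DN and credential below is a placeholder (assumption).
# Modules needed: ldap, authnz_ldap, authn_core, auth_basic, authz_user, ssl.

# AuthnProviderAlias is a container directive and is only valid in server
# config context, so both aliases are defined outside the <VirtualHost>.
<AuthnProviderAlias ldap ldapdom1>
    # ldaps:// keeps the bind and the user's password off the wire in clear text.
    AuthLDAPURL "ldaps://dc1.dom1.example.com/DC=dom1,DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=dom1,DC=example,DC=com"
    # Use a read-only service account and keep this file readable by root only.
    AuthLDAPBindPassword "REPLACE_ME_DOM1"
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldapdom2>
    AuthLDAPURL "ldaps://dc1.dom2.example.net/DC=dom2,DC=example,DC=net?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=dom2,DC=example,DC=net"
    AuthLDAPBindPassword "REPLACE_ME_DOM2"
</AuthnProviderAlias>

<VirtualHost *:443>
    ServerName svn.example.com

    SSLEngine on
    # Ubuntu's self-signed test certificate (ssl-cert package); replace in production.
    SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    <Location "/">
        AuthType Basic
        AuthName "Restricted"
        # Providers are tried in the order listed: dom1 first, then dom2.
        AuthBasicProvider ldapdom1 ldapdom2
        Require valid-user
    </Location>
</VirtualHost>
```

To use it as a test case, check the syntax with `apache2ctl configtest`, then request the protected location once with an account from each domain. According to the reports in this thread, those requests fail on the unpatched 14.04 package.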
Syunsuke Komma (skomma) wrote : | #6 |
We have the same issue.
There seems to be no motion for about two years, but we want this patch to be applied.
Christian Ehrhardt (paelzer) wrote : | #7 |
Thanks for your bump on this skomma!
From my reading this fell dormant as there was no good insight how to reproduce this for the people that could add the fix to the package.
Might you be able to provide some steps how to recreate this to test and verify the fix as this is part of the SRU process (https:/
Thank you for taking the time to report this bug and helping to make Ubuntu better.
It looks like this fix is suitable for an update to Trusty, assuming that LDAP auth does not work at all without it. In order to do this, we'll need a test case that has exact to reproduce the problem so that we can verify the bug and any fix.
I'm imagining exact steps to set up a minimal LDAP server, add a user to it, configure Apache to use it (on localhost would be fine), protect a single page (eg. the default index.html) behind it, and then to see it fail without the patch, and succeed with the patch.
If you could help with producing these steps, then this would be appreciated.