AuthnProviderAlias does not work w/ authnz_ldap

Bug #1313848 reported by P. Dunbar on 2014-04-28
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Apache2 Web Server
Unknown
Unknown
apache2 (Ubuntu)
Medium
Unassigned

Bug Description

Per: https://issues.apache.org/bugzilla/show_bug.cgi?id=55622

patch: http://svn.apache.org/viewvc?view=revision&revision=r1554995

We have a production subversion server front ended with apache2 using multiple ldap aliases for auth. This is all running very stable for years on Lucid 10.04.
We have begun testing the move to migrate to svn 1.8 on 14.04 with same configuration, adjusting where needed for the changes in apache 2.2 -> 2.4. Could not get ldap auth working and discovered the above.

Robie Basak (racb) on 2014-04-29
summary: - Need Patch applied to mod_authn_core for trusty apache2
+ AuthnProviderAlias does not work w/ authnz_ldap
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

It looks like this fix is suitable for an update to Trusty, assuming that LDAP auth does not work at all without it. In order to do this, we'll need a test case that has exact to reproduce the problem so that we can verify the bug and any fix.

I'm imagining exact steps to set up a minimal LDAP server, add a user to it, configure Apache to use it (on localhost would be fine), protect a single page (eg. the default index.html) behind it, and then to see it fail without the patch, and succeed with the patch.

If you could help with producing these steps, then this would be appreciated.

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
Robie Basak (racb) wrote :

> test case that has exact to reproduce

That has exact steps, that is.

P. Dunbar (vigilcode) wrote :

Well my env has active directory but let me take a look at openldap see how hard it would be to setup in some basic fashion.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed

We have upgraded our server from 10.04 to 14.04 and now we have just the same issue. To me more precise this does not work with VHOSTs.

Our server is using LDAP authentication provided by to domain controllers which belong to different domains. Our scheme is:

AuthnProviderAlias ldap ldapdom1
AuthnProviderAlias ldap ldapdom2
<VirtualHost *:443>
 ...
 Authtype Basic
 AuthBasicProvider ldapdom1 ldapdom2
 ...
</VirtualHost>

Just like here: https://issues.apache.org/bugzilla/show_bug.cgi?id=55622#c0

Since upgrade it is not possible to do multiple domain authentication with vhosts anymore.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.