Ubuntu
apache2 package

AuthnProviderAlias does not work w/ authnz_ldap

Bug #1313848 reported by P. Dunbar on 2014-04-28
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Apache2 Web Server
Unknown
Unknown
apache2 (Ubuntu)
Confirmed
Medium
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

Per: https://issues.apache.org/bugzilla/show_bug.cgi?id=55622

patch: http://svn.apache.org/viewvc?view=revision&revision=r1554995

We have a production subversion server front ended with apache2 using multiple ldap aliases for auth. This is all running very stable for years on Lucid 10.04.
We have begun testing the move to migrate to svn 1.8 on 14.04 with same configuration, adjusting where needed for the changes in apache 2.2 -> 2.4. Could not get ldap auth working and discovered the above.

Robie Basak (racb) on 2014-04-29
summary: - Need Patch applied to mod_authn_core for trusty apache2
+ AuthnProviderAlias does not work w/ authnz_ldap
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

It looks like this fix is suitable for an update to Trusty, assuming that LDAP auth does not work at all without it. In order to do this, we'll need a test case that has exact to reproduce the problem so that we can verify the bug and any fix.

I'm imagining exact steps to set up a minimal LDAP server, add a user to it, configure Apache to use it (on localhost would be fine), protect a single page (eg. the default index.html) behind it, and then to see it fail without the patch, and succeed with the patch.

If you could help with producing these steps, then this would be appreciated.

Changed in apache2 (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Robie Basak (racb) wrote :

> test case that has exact to reproduce

That has exact steps, that is.

Revision history for this message
P. Dunbar (vigilcode) wrote :

Well my env has active directory but let me take a look at openldap see how hard it would be to setup in some basic fashion.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apache2 (Ubuntu):
status: New → Confirmed
Revision history for this message
Stanislav German-Evtushenko (giner) wrote :

We have upgraded our server from 10.04 to 14.04 and now we have just the same issue. To me more precise this does not work with VHOSTs.

Our server is using LDAP authentication provided by to domain controllers which belong to different domains. Our scheme is:

AuthnProviderAlias ldap ldapdom1
AuthnProviderAlias ldap ldapdom2
<VirtualHost *:443>
 ...
 Authtype Basic
 AuthBasicProvider ldapdom1 ldapdom2
 ...
</VirtualHost>

Just like here: https://issues.apache.org/bugzilla/show_bug.cgi?id=55622#c0

Since upgrade it is not possible to do multiple domain authentication with vhosts anymore.

Revision history for this message
Syunsuke Komma (skomma) wrote :

We have a same issue.
There seems to be no motion for about two years, but we want this patch to be applied.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks for your bump on this skomma!

From my reading this fell dormant as there was no good insight how to reproduce this for the people that could add the fix to the package.

Might you be able to provide some steps how to recreate this to test and verify the fix as this is part of the SRU process (https://wiki.ubuntu.com/StableReleaseUpdates).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.