Hi All,
First post! Woohoo!
I realize this is more an Apache/mod_authz_ldap question than a purely Linux
one, but I'm running short of things to try so I'm asking the list.
I'm working for a client that's moving a corporate portal from a MySQL
authentication scheme for their portal to authentication via the company
LDAP server (OpenLDAP).
I've made the switch in the httpd.conf file via virtualhost entries (below).
This works for authentication but I haven't been able to add the custom
ErrorDocument entries like I thought I would. Basically everything I've
tried has failed; the basic Fedora error pages display instead.
Today I tried adding a Directory entry just before the VirtualHost entry,
(also added below).
When I add "AllowOverride All", the ErrorDocument I specify displays, but it
also disables LDAP authentication.
I've tried several combinations of directive-types; AllowOverride AuthConfig
FileInfo Limit does the same thing. AllowOverride FileInfo Limit enables
LDAP auth but doesn't provide the correct ErrorDocument page, etc.
Can anyone tell me the correct entries to both allow mod_authz_ldap
authentication, and provide custom error pages via ErrorDocument?
Other questions would include:
-Why doesn't ErrorDocument work in the VirtualHost entry?
-Why wouldn't AllowOverride FileInfo work by itself?
Thanks for your help,
Jeff
<Directory /var/www/html/sites/blah>
AllowOverride All
ErrorDocument 401 /auth/ldapauth.php
</Directory>
<VirtualHost 192.168.1.1>
ServerAdmin blah@blah.com
DocumentRoot /var/www/html/sites/blah
ServerName www.blah.net
DirectoryIndex index.php
ErrorLog /var/summary/logs/blah_test_stats/blah_eerror_log
CustomLog /var/summary/logs/blah_test_stats/blah_eaccess_log combined
<Location />
AuthzLDAPServer localhost
AuthzLDAPBindDN cn=Manager,dc=blah,dc=com
AuthzLDAPBindPassword secretblah
AuthzLDAPMethod ldap
AuthzLDAPLogLevel debug
AuthzLDAPUserBase dc=blah,dc=com
AuthzLDAPUserKey gcLogin
AuthzLDAPUserScope subtree
AuthzLDAPRoleAttributeName attr1
AuthType basic
AuthName "Blah Login"
require valid-user
require role Role1 Role2
require filter SUBTREE (&(attr2=TRUE)(|(!(attr3=TRUE)))\
)
</Location>
</VirtualHost>