From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040207 Firefox/0.8

Description of problem:
Hi,

The docs for mod_authz_ldap say that it should work in a VirtualHost context. However, this is not the case:

--- START Config snippet
<VirtualHost 1.2.3.4:443>
ServerAdmin helpdesk
DocumentRoot "/var/www/html/"
ServerName test.foo.edu
ErrorLog logs/ssl-test.foo.edu-error_log
CustomLog logs/ssl-test.foo.edu-access_log common
# Enable LDAP Auth! (leave in vhost as mod_authz_ldap only works in
# VirtualHost and Directory contexts, not DirectoryMatch :)
AuthzLDAPEngine on
AuthzLDAPAuthoritative off
AuthzLDAPServer localhost:636
AuthzLDAPUserKey cn
AuthzLDAPUserBase ou=users,o=uga
AuthzLDAPUserScope onelevel
---- END Config snippet

The above yields:

test.foo# service httpd configtest
Syntax error on line 23 of /etc/httpd/conf.d/test.foo.edu.conf:
AuthzLDAPEngine not allowed here

The docs say that this is perfectly acceptable:
(From /usr/share/doc/mod_authz_ldap-0.22/reference.html )

--- START DOC
Syntax: AuthzLDAPEngine { on | off }
Context: virtual host, directory
Default: off
Set to on if the module should become active.
---- END DOC

Umm, so either I'm retarded or it is. After some other rollout issues we've had with this, I'm pointing the finger at mod_authz_ldap :)

Note that I can't put this into a Directory directive either as a workaround (as I've done on other machines) because I'm using DirectoryMatch and it plain doesn't work there at all. Whee!

Version-Release number of selected component (if applicable):
mod_authz_ldap-0.22-3

How reproducible:
Always

Steps to Reproduce:
1. See above
2.
3.

Actual Results: httpd fails to start

Expected Results: httpd starts and processes mod_authz_ldap config syntax in VirtualHost directives.

Additional info:
Thanks for the report.
Packages which fix this issue are now available for testing from the following location: http://people.redhat.com/jorton/Taroon-mazl/ Tested successfully with AuthzLDAP* configured inside a vhost container and AuthType/require etc in a LocationMatch inside that vhost. Please report back results of any testing (success or failure) with these packages.
Verify working in VHost context. Also note that I wasn't clear in the original bug report. mod_authz_ldap doesn't seem to work when config statements (Eg: AuthzLDAPEngine on) are placed inside DirectoryMatch and Location stanzas (obviously, "require valid-user" will work :) This, I think, is me reading the sets of documentation incorrectly. The mod_authz_ldap states it works in Directory stanzas, and the apache docs seem to indicate that DirectoryMatch and Directory are equivalent, leading me to think that AuthzLDAP* config statements will work in DirectoryMatch'es which, I guess, is false. At any rate, now that it works in VHost context, I can work around this easily. Thanks!
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2004-277.html
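The layout reported above as tested with the fixed packages (AuthzLDAP* directives in the vhost container, AuthType/require in a LocationMatch inside that vhost), written out as an added example that is not from the original report or from the package. The LocationMatch pattern and the AuthName value are constructed for illustration; the other values are copied from the reporter's snippet.

```apache
<VirtualHost 1.2.3.4:443>
    ServerAdmin helpdesk
    DocumentRoot "/var/www/html/"
    ServerName test.foo.edu
    ErrorLog logs/ssl-test.foo.edu-error_log
    CustomLog logs/ssl-test.foo.edu-access_log common
    # SSL directives for this vhost are omitted, as in the reporter's snippet.

    # Module configuration stays at vhost level: the reporter found that
    # AuthzLDAP* directives are not accepted inside DirectoryMatch or
    # Location stanzas.
    AuthzLDAPEngine on
    AuthzLDAPAuthoritative off
    AuthzLDAPServer localhost:636
    AuthzLDAPUserKey cn
    AuthzLDAPUserBase ou=users,o=uga
    AuthzLDAPUserScope onelevel

    # Only the core access-control directives go in the pattern-matched
    # section. The pattern and realm name below are constructed examples.
    <LocationMatch "^/private/">
        AuthType Basic
        AuthName "Example restricted area"
        Require valid-user
    </LocationMatch>
</VirtualHost>
```

Running `service httpd configtest`, as in the report, shows whether the installed package accepts the AuthzLDAP* directives in this context before httpd is restarted.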