Apache ldap authentication fails with aliases

(Last modified: 29Apr2005)

This document (10095185) is provided subject to the disclaimer at the end of this document.

fact

Novell NetWare 6.5 Support Pack 2

Novell NetWare 6.5

symptom

Apache ldap authentication fails with aliases

fix

Add "AuthLDAPDereferenceAliases finding" to the LDAP directives in httpd.conf for the document directory that you are restricting. You will also need to make sure that "Dereference aliases when resolving names" is unchecked on the LDAP server object. If it is checked, uncheck it and restart nldap.

<Directory SYS:/test>
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "Protected"
require valid-user
AuthLDAPDereferenceAliases finding
AuthLDAPAuthoritative On
AuthLDAPURL ldap://mcn4.provo.novell.com/ou=alias,ou=test,o=corp?cn?sub
</Directory>

note

The dstrace log shows that Apache found the user twice:

Search request:
base: "o=corp"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=*)(cn=carlos))"
attribute: "cn"
Sending search result entry "cn=carlos,ou=test,o=corp" to connection 0x84b3d000
Sending search result entry "cn=carlos,ou=test,o=corp" to connection 0x84b3d000
Sending operation result 0:"":"" to connection 0x84b3d000
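
To check a dstrace capture for this symptom, the following added example (not part of the original Novell document) parses each search request and reports any search that returned the same DN more than once, together with the alias dereference mode the client asked for. The function names are hypothetical. The mapping of the numeric dereference value to the AuthLDAPDereferenceAliases keywords follows the LDAP protocol's derefAliases codes, and the sample input is the trace shown above.

```python
import re
from collections import Counter

# LDAP derefAliases codes (RFC 4511) -> AuthLDAPDereferenceAliases keyword.
DEREF = {0: "never", 1: "searching", 2: "finding", 3: "always"}

# Sample input: the search trace from this document.
SAMPLE = '''Search request:
base: "o=corp"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=*)(cn=carlos))"
attribute: "cn"
Sending search result entry "cn=carlos,ou=test,o=corp" to connection 0x84b3d000
Sending search result entry "cn=carlos,ou=test,o=corp" to connection 0x84b3d000
Sending operation result 0:"":"" to connection 0x84b3d000
'''

def parse_searches(text):
    """Split a trace into one dict per 'Search request:' block."""
    searches, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "Search request:":
            cur = {"deref": None, "filter": None, "entries": []}
            searches.append(cur)
        elif cur is None:
            continue  # ignore anything before the first search request
        elif m := re.search(r'\bdereference:(\d+)', line):
            cur["deref"] = int(m.group(1))
        elif m := re.match(r'filter: "(.*)"$', line):
            cur["filter"] = m.group(1)
        elif m := re.match(r'Sending search result entry "(.*)" to connection', line):
            cur["entries"].append(m.group(1).lower())  # DNs compare case-insensitively
    return searches

def ambiguous_searches(text):
    """Return (filter, deref keyword, duplicated DNs) for every search
    that returned the same DN more than once."""
    findings = []
    for s in parse_searches(text):
        dups = sorted(dn for dn, n in Counter(s["entries"]).items() if n > 1)
        if dups:
            findings.append((s["filter"], DEREF.get(s["deref"], "unknown"), dups))
    return findings

if __name__ == "__main__":
    for flt, deref, dups in ambiguous_searches(SAMPLE):
        print(f"{flt}: dereference={deref}, returned more than once: {dups}")
```

After the fix is applied, the same search should show a dereference value other than 3 and a single result entry, so the function returns an empty list.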

document

Document Title: Apache ldap authentication fails with aliases
Document ID: 10095185
Solution ID: NOVL99535
Creation Date: 25Oct2004
Modified Date: 29Apr2005
Novell Product Class: Web Services

disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.