[Auth_ldap] group based authentication fails

Frank Altpeter frank.altpeter at gmail.com
Wed Feb 1 06:28:32 PST 2006


Hi there,

I've been using auth_ldap for a long time now, and this was quite successful
as long as I didn't need to use grouping.

Now I've run into problems, because I need the 'require group' feature
but haven't managed to get it running yet.

I've got an LDAP object like this:

dn: cn=Administrators, ou=admins, o=company
objectClass: groupOfUniqueNames
cn: Administrators
uniqueMember: uid=frank at company.de, dc=company.de, ou=mail, c=de, o=company

According to this, I've got an LDAP object for myself:

dn: uid=frank at company.de, dc=company.de, ou=mail, c=de, o=company
objectClass: top
objectClass: CompanyMailPerson
uid: frank at company.de
userPassword: {SSHA}Jy0Pd0EmHny1234567i0+NRJN1R5HDJo

So, I have set up my httpd.conf to contain the following:

<Directory />

        AuthName                        "Restricted area"
        AuthType                        basic
        AuthLDAPGroupAttribute          uniqueMember
        AuthLDAPGroupAttributeIsDN      on
        AuthLDAPAuthoritative           on
        AuthLDAPBindDN                  cn=root,o=company
        AuthLDAPBindPassword            ObscureString
        AuthLDAPCompareDNOnServer       on
        AuthLDAPEnabled                 on
        AuthLDAPUrl                     ldap://ldapserver.company.de/o=company?uid

        require group   cn=Administrators, ou=admins, o=company
</Directory>


Since I don't get any error messages in the log file, I'm quite blind
about the cause of the problem, but I can't get auth_ldap to accept my
login. The only way to get it working is to replace 'require group
...' with 'require valid-user', which works fine.

Could anyone give me a hint as to what went wrong here and how to fix it?


--
Le deagh dhùraghd,

        Frank Altpeter

Two of the most famous products of Berkeley are LSD and Unix.
I don't think that this is a coincidence.
        -- Anonymous
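
An added illustration, not part of the original post and not auth_ldap's code: the two lookups that the posted directives configure (the AuthLDAPUrl user search, then the 'require group' attribute comparison), replayed offline in Python over the two entries shown in the message. The helper names norm_dn, find_user_dn, group_allows and check are hypothetical, and the DN normaliser is a simplified assumption standing in for the directory server's own matching.

```python
# Added example, not auth_ldap code. Entries are copied from the post; the DN
# normaliser is a simplified stand-in for the server's own DN matching.
USER_DN = "uid=frank at company.de, dc=company.de, ou=mail, c=de, o=company"
GROUP_DN = "cn=Administrators, ou=admins, o=company"
ENTRIES = {
    GROUP_DN: {"cn": ["Administrators"], "uniqueMember": [USER_DN]},
    USER_DN: {"uid": ["frank at company.de"]},
}


def norm_dn(dn):
    """Lower-case each RDN and drop spaces around ',' and '='.
    Assumption: no escaped commas, which holds for the DNs above."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return tuple((a.strip().lower(), v.strip().lower()) for a, _, v in pairs)


def find_user_dn(entries, base, attr, login):
    """Step 1 (AuthLDAPUrl): subtree search under base for attr=login."""
    suffix = norm_dn(base)
    hits = [dn for dn, e in entries.items()
            if norm_dn(dn)[-len(suffix):] == suffix
            and login.lower() in (v.lower() for v in e.get(attr, []))]
    return hits[0] if len(hits) == 1 else None  # must match exactly one entry


def group_allows(entries, group_dn, group_attr, attr_is_dn, login, user_dn):
    """Step 2 (require group): compare one value against group_attr."""
    group = next((e for dn, e in entries.items()
                  if norm_dn(dn) == norm_dn(group_dn)), None)
    if group is None:
        return False
    values = group.get(group_attr, [])
    if attr_is_dn:  # AuthLDAPGroupAttributeIsDN on: compare the user's DN
        return norm_dn(user_dn) in {norm_dn(v) for v in values}
    return login.lower() in {v.lower() for v in values}  # off: bare username


def check(login, group_attr="uniqueMember", attr_is_dn=True):
    user_dn = find_user_dn(ENTRIES, "o=company", "uid", login)
    if user_dn is None:
        return False
    return group_allows(ENTRIES, GROUP_DN, group_attr, attr_is_dn, login, user_dn)


if __name__ == "__main__":
    print("IsDN on :", check("frank at company.de"))
    print("IsDN off:", check("frank at company.de", attr_is_dn=False))
    print("member  :", check("frank at company.de", group_attr="member"))
```

Running the same search and comparison against the live directory with the AuthLDAPBindDN credentials shows whether the server returns the same user DN and group values as this offline model assumes.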


