Can't solve this one, here's my .htaccess:
AuthPAM_Enabled Off
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthName "MESSAGE"
Require ldap-group cn=CHANGED, cn=CHANGED
AuthLDAPURL "ldap://localhost/dc=CHANGED,dc=CHANGED?uid?sub?(objectClass=posixAccount)"
AuthLDAPBindDN CHANGED
AuthLDAPBindPassword CHANGED
AuthLDAPGroupAttribute memberUid
AuthLDAPURL is correct, BindDN and BindPassword are correct also (verified with ldapvi -D ..).
Apache version: Apache/2.2.9 (Debian)
The error message seems cryptic to me. I have AuthzLDAPAuthoritative on, so where's the problem?
EDIT:
LDAP modules are loaded, the problem is not with them being missing.
# ls /etc/apache2/mods-enabled/*ldap*
/etc/apache2/mods-enabled/authnz_ldap.load
/etc/apache2/mods-enabled/ldap.load
EDIT2:
Solved it by changing funky
Require ldap-group cn=CHANGED, cn=CHANGED
line with
Require valid-user
Since AuthzLDAPAuthoritative is on, no other auth methods will be used and valid-user requirement will auth via LDAP. (right? :/)
Your 'Require' line reads
That doesn't look right - I don't believe you can have two cn's in a DN like that.
For me and apache 2.2.14, this works like a champ for access control on a per-group basis
"int" is our internal domain for non-public servers.
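For comparison with the `Require valid-user` workaround in the question, here is an added example (not taken from any post in this thread) of a per-group restriction for posixGroup entries whose `memberUid` values are bare uids. Every DN, the group name and the bind credentials are placeholder assumptions.

```apache
# Constructed example: every DN, host and credential below is a placeholder.
AuthType Basic
AuthName "Restricted"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on

# Search base, login attribute, scope and filter used to find the user entry.
AuthLDAPURL "ldap://localhost/ou=People,dc=example,dc=int?uid?sub?(objectClass=posixAccount)"
AuthLDAPBindDN "cn=apache,ou=Services,dc=example,dc=int"
AuthLDAPBindPassword "PLACEHOLDER"

# posixGroup stores members as bare uids in memberUid, not as DNs, so
# mod_authnz_ldap must compare the login name instead of the user's DN.
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off

# Broad: any account matched by the AuthLDAPURL filter is let in.
# Require valid-user

# Narrow: only members of this one group; the argument is the group's full DN.
Require ldap-group cn=webadmins,ou=Groups,dc=example,dc=int
```

With `Require valid-user` the only access boundary is the `AuthLDAPURL` base and filter, so the group check is what keeps the rest of the directory's accounts out.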
Have you enabled the ldap and authnz_ldap modules?
You can do so with: