chazhs
asked on
problem: authentication using .htaccess
I am using Apache server and linux redhat 7.2.
My company uses ldap to store employee info. We have a mounted directory, which has the ldap_db and also a user-passwd file which has all userid and encrypted passwords.
Now, I want to be able to put a .htaccess file at directory level, to authenticate users before they access my site.
I tried putting a .htaccess file at my homedirectory which looks like this:
AuthUserFile /network/ldap/user-passwor
AuthName John Doe's Members-Only Area
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
But when I try http://localhost/~me, it does not prompt for password. I dont get any errors either, and the webpages are displayed fine. Any idea why it does not prompt for userid/passwd?
Note:
In my LinuxGUI, System>AuthenticationConfi
(Although I dont know if this is related to the .htaccess authentication or not)
Thank you.
My company uses ldap to store employee info. We have a mounted directory, which has the ldap_db and also a user-passwd file which has all userid and encrypted passwords.
Now, I want to be able to put a .htaccess file at directory level, to authenticate users before they access my site.
I tried putting a .htaccess file at my homedirectory which looks like this:
AuthUserFile /network/ldap/user-passwor
AuthName John Doe's Members-Only Area
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
But when I try http://localhost/~me, it does not prompt for password. I dont get any errors either, and the webpages are displayed fine. Any idea why it does not prompt for userid/passwd?
Note:
In my LinuxGUI, System>AuthenticationConfi
(Although I dont know if this is related to the .htaccess authentication or not)
Thank you.
ASKER
I am not clear on this answer. No idea what to substitue for any of the variables above. (sorry, Im new here)
Anyhow, I guess giving the ldap server name directly might not work for me, since I need to give access to a restricted user list sometimes. (not the whole company)
So I maintain my own list of userids and encrypted passwords.
Thanks.
Anyhow, I guess giving the ldap server name directly might not work for me, since I need to give access to a restricted user list sometimes. (not the whole company)
So I maintain my own list of userids and encrypted passwords.
Thanks.
beside the ldap server name you need to know the base dn and the dn for an account which is allowed to query the database (or ask your LDAP admin if the database can be queried anonymous, probably not for passwords:)
ASKER
I guess the problem is not so much ldap, but just getting .htaccess to work correctly.
I changed my .htaccess file so my AuthUserFile points to a local .htpasswd file that I just created using
htpasswd -c .htpasswd username
Still no luck, the web page gets displayed without any errors, but does not prompt for userid :(
I changed my .htaccess file so my AuthUserFile points to a local .htpasswd file that I just created using
htpasswd -c .htpasswd username
Still no luck, the web page gets displayed without any errors, but does not prompt for userid :(
ASKER
Note, I did try restarting webserver.
Also found this line in both httpd.conf and srm.conf
AccessFileName .htaccess
Also found this line in both httpd.conf and srm.conf
AccessFileName .htaccess
ASKER
Also Tried without the <limit> tag :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes Sir, it worked!!!
Set
AllowOverride AuthConfig Indexes
in my httpd.conf and it worked magically!!!
Thanks for your help!!!
Set
AllowOverride AuthConfig Indexes
in my httpd.conf and it worked magically!!!
Thanks for your help!!!
AuthName "confidential data"
AuthType Basic
#
# --- openldap
AuthLDAPHosts "FQDN"
AuthLDAPBindDN "cn=Manager,...,dc=xxx-xxx
AuthLDAPBindPassword password
AuthLDAPBaseDN "..,dc=xxx,dc=xxx-xxx,dc=d
#
AuthLDAPSearchScope subtree
AuthLDAPUserKey uid
AuthLDAPPassKey userPassword
#
# --- Base64 encodced
AuthLDAPSchemePrefix off
#
<Limit GET POST>
require valid-user
</Limit>
# keep in mind that AuthType Basic transfers the password nearly plain text (simple encryption)
# Hope that you are shure you want to compromise your internal security by such a public access