Lighthtpd ldap 组成员被忽略
Lighthtpd ldap groupmember ignored
我有 lighttpd 1.4.51 运行 一个带有 ldap 身份验证的 cgi 应用程序(git-http-backend)。这工作正常但是在引入组成员配置项时我不能限制登录到指定的组,因此允许任何具有有效用户名和密码的用户。
lighttpd.conf:
auth.require = ( "" => (
"method" => "basic",
"realm" => "repos",
"require" => "valid-user"
))
auth.backend = "ldap"
auth.backend.ldap.hostname = "172.xx.xx.xx"
auth.backend.ldap.base-dn = "OU=Current,OU=Company_Usrs,DC=Company,DC=co,DC=uk"
auth.backend.ldap.filter = "(CN=$)"
auth.backend.ldap.bind-dn = "CN=SVC_LDAP,OU=ServAccs,OU=ITS Admin,DC=Company,DC=co,DC=uk"
auth.backend.ldap.bind-pw = "xxxx"
auth.backend.ldap.allow-empty-pw = "disable"
auth.backend.ldap.groupmember = "App_IT_Sol"
#auth.backend.ldap.groupmember = "CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk"
#auth.backend.ldap.groupmember = (memberUid=App_IT_Solution)
#auth.backend.ldap.groupmember = "(member=CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk)"
查看 https://redmine.lighttpd.net/issues/1817 之后,我尝试在 groupmember 字段中指定 memberUid 以及其他几个组合,但是没有任何变化。
访问、错误和损坏日志没有显示任何相关内容。
有什么想法吗?
解决方案:
auth.require = ( "" => (
"method" => "basic",
"realm" => "repos",
"require" => "group=CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk"
))
auth.backend = "ldap"
auth.backend.ldap.hostname = "172.xx.xx.xx"
auth.backend.ldap.base-dn = "OU=Current,OU=Company_Usrs,DC=Company,DC=co,DC=uk"
auth.backend.ldap.filter = "(CN=$)"
auth.backend.ldap.bind-dn = "CN=SVC_LDAP,OU=ServAccs,OU=ITS Admin,DC=Company,DC=co,DC=uk"
auth.backend.ldap.bind-pw = "xxxx"
auth.backend.ldap.allow-empty-pw = "disable"
auth.backend.ldap.groupmember = "member"
any user with a valid username and password is allowed
这是 "require" => "valid-user"
的预期行为
请尝试:"require" => "group=App_IT_Sol"
我有 lighttpd 1.4.51 运行 一个带有 ldap 身份验证的 cgi 应用程序(git-http-backend)。这工作正常但是在引入组成员配置项时我不能限制登录到指定的组,因此允许任何具有有效用户名和密码的用户。
lighttpd.conf:
auth.require = ( "" => (
"method" => "basic",
"realm" => "repos",
"require" => "valid-user"
))
auth.backend = "ldap"
auth.backend.ldap.hostname = "172.xx.xx.xx"
auth.backend.ldap.base-dn = "OU=Current,OU=Company_Usrs,DC=Company,DC=co,DC=uk"
auth.backend.ldap.filter = "(CN=$)"
auth.backend.ldap.bind-dn = "CN=SVC_LDAP,OU=ServAccs,OU=ITS Admin,DC=Company,DC=co,DC=uk"
auth.backend.ldap.bind-pw = "xxxx"
auth.backend.ldap.allow-empty-pw = "disable"
auth.backend.ldap.groupmember = "App_IT_Sol"
#auth.backend.ldap.groupmember = "CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk"
#auth.backend.ldap.groupmember = (memberUid=App_IT_Solution)
#auth.backend.ldap.groupmember = "(member=CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk)"
查看 https://redmine.lighttpd.net/issues/1817 之后,我尝试在 groupmember 字段中指定 memberUid 以及其他几个组合,但是没有任何变化。
访问、错误和损坏日志没有显示任何相关内容。
有什么想法吗?
解决方案:
auth.require = ( "" => (
"method" => "basic",
"realm" => "repos",
"require" => "group=CN=App_IT_Sol,OU=Apps,OU=Grps,OU=Company_Res,DC=Company,DC=co,DC=uk"
))
auth.backend = "ldap"
auth.backend.ldap.hostname = "172.xx.xx.xx"
auth.backend.ldap.base-dn = "OU=Current,OU=Company_Usrs,DC=Company,DC=co,DC=uk"
auth.backend.ldap.filter = "(CN=$)"
auth.backend.ldap.bind-dn = "CN=SVC_LDAP,OU=ServAccs,OU=ITS Admin,DC=Company,DC=co,DC=uk"
auth.backend.ldap.bind-pw = "xxxx"
auth.backend.ldap.allow-empty-pw = "disable"
auth.backend.ldap.groupmember = "member"
any user with a valid username and password is allowed
这是 "require" => "valid-user"
请尝试:"require" => "group=App_IT_Sol"