UID_Filter in httpd.conf template
Gunnar Wrobel
wrobel at pardus.de
Tue Aug 7 12:21:06 CEST 2007
Liutauras Adomaitis <liutauras at infosaitas.lt> writes:
> Hello,
>
> I'm using kolab packaged by Mandriva. it is without OpenPKG. I can't tell
> which version it is - since kolab -v gives me error about not existing
> OpenPKG. rpm -qa | grep kolab gives:
> kolab-1.9.5-0.20050801.5mdv2007.1
> kolab-resource-handlers-0.4.1-0.20050811.2mdk
> kolab-webadmin-0.4.9-0.20050910.2mdv2007.1
Hm, the dates of that release look rather outdated. I'd consider using
a newer OpenPKG installation. Does the Kolab2/Mandriva project have a
website or something where the status of this native port can be
checked?
> Any way the problem is that httpd.conf.template attribute
> UID_Filter "(|(uid=%u)(mail=%u))" is defined, but my apache complains about
> it. I can only start apache with UID_Filter commented. I didn't notice any
> disadvantages of runing kolab without UID_Filter, but still why is it so?
The disadvantage is that your users will be unable to log in using
their UID value. They will allways have to use their full e-mail
address (at least on all systems provided via apache).
So it is not really critical.
The problem probably derives from the mod_auth_ldap package. You need
to have a version of the package that is specifically patched for the
Kolab server.
Or you use apache >=2.2 which does not require mod_auth_ldap to
allow users to also login via UID.
Cheers,
Gunnar
>
> The context of UID_Filter is:
> <Directory "/var/www/html/kolab/freebusy">
> <IfModule mod_dav.c>
> Dav On
> </Ifmodule>
> #Script PUT /kolab/freebusy/freebusy.php
> AllowOverride None
> Options None
> # Disallow for everyone as default
> Order allow,deny
> <Limit GET PUT LOCK UNLOCK PROPFIND HEAD OPTIONS>
> Allow from all
> @@@if apache-allow-unauthenticated-fb@@@
> @@@else@@@
> Require valid-user
> @@@endif@@@
> </Limit>
> @@@if apache-allow-unauthenticated-fb@@@
> @@@else@@@
> AuthType Basic
> AuthName "Kolab Freebusy (webdav)"
> # <IfModule mod_mm_auth_ldap.c>
> LDAP_Server @@@ldap_ip@@@
> LDAP_Port @@@ldap_port@@@
> Base_DN "@@@base_dn@@@"
> # temporary : openldap changed from 2.1.9 to 2.1.12
> # anonymous bind with dn is nolonger allowed
> # unfortunately mod_auth_ldap seems to exactly do so
> # need to investigate ...
> Bind_DN "@@@php_dn@@@"
> Bind_Pass "@@@php_pw@@@"
> # UID_Filter "(|(uid=%u)(mail=%u))"
> # </IfModule>
> @@@endif@@@
> <IfModule mod_dav.c>
> DavMinTimeout 600
> </Ifmodule>
> AddDefaultCharset Off
> <IfModule mod_php5.c>
> php_value
> include_path ".:/var/www/html/kolab/admin/include:/usr/share/pear"
> #php_admin_flag safe_mode on
> </IfModule>
> </Directory>
>
> <Directory "/var/www/html/kolab/webcalendar">
> <IfModule mod_dav.c>
> Dav On
> </Ifmodule>
> AllowOverride None
> Options None
> # Disallow for everyone as default
> Order allow,deny
> <Limit GET PUT LOCK UNLOCK PROPFIND HEAD OPTIONS>
> Allow from all
> Require valid-user
> </Limit>
> AuthType Basic
> AuthName "Kolab Freebusy (webdav)"
>
> # <IfModule mod_mm_auth_ldap.c>
> LDAP_Server @@@ldap_ip@@@
> LDAP_Port @@@ldap_port@@@
> Base_DN "@@@base_dn@@@"
> # temporary : openldap changed from 2.1.9 to 2.1.12
> # anonymous bind with dn is nolonger allowed
> # unfortunately mod_auth_ldap seems to exactly do so
> # need to investigate ...
> Bind_DN "@@@php_dn@@@"
> Bind_Pass "@@@php_pw@@@"
> # UID_Filter "(|(uid=%u)(mail=%u))"
> # </IfModule>
> <IfModule mod_dav.c>
> DavMinTimeout 600
> </Ifmodule>
> AddDefaultCharset Off
> </Directory>
>
>
>
> Liutauras
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
--
____ http://www.pardus.de _________________ http://gunnarwrobel.de _
>> Mail at ease - Rent a kolab groupware server at p at rdus <<
p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium
More information about the users
mailing list