Ubuntu 6.10 -> 7.04 upgrade: Apache 2.2 ldap changes
Just suffered through some lame apache module syntax changes on Ubuntu after upgrading to 7.0.4. This is why I don't skip major versions...
Here is my functioning template on Ubuntu 7.04 Feisty:
There were several major changes that kept my site from working after the upgrade:
AuthBasicProvider ldap
AuthName "Secret Website"
AuthType Basic
AuthzLDAPAuthoritative on # prevent other mods from authenticating this user on failure
# protocol://server:port/base?attribute?scope?filter
AuthLDAPURL ldap://localhost:389/blah
AuthLDAPBindDN blah
AuthLDAPBindPassword "secret"
# require membership in LDAP group for access
require ldap-group cn=mygroup,ou=Groups,dc=example,dc=com
Deprecated directives:
AuthLDAPAuthoritative (now AuthzLDAPAuthoritative)
AuthLDAPEnabled
New directive required:
AuthBasicProvider ldap
This tells the mod_auth_basic module to defer to the mod_authnz_ldap module for authentication instead of handling it on its own. If you don't specify it, you get this lovely cryptic error in your server error log:
require group now only is used for local UNIX groups. For LDAP, you have to use require ldap-group.[error] Internal error: pcfg_openfile() called with NULL filename