Bug#619408: marked as done (apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default)

To: Colin Watson <cjwatson@debian.org>
Subject: Bug#619408: marked as done (apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 09 Jul 2013 11:51:08 +0000
Message-id: <[🔎] handler.619408.D619408.137337048110959.ackdone@bugs.debian.org>
References: <E1UwWOj-0005qJ-57@franck.debian.org> <20110323163100.29873.39275.reportbug@bobo.cae.wisc.edu>

Your message dated Tue, 09 Jul 2013 11:47:57 +0000
with message-id <E1UwWOj-0005qJ-57@franck.debian.org>
and subject line Bug#619408: fixed in libapache2-mod-auth-plain 2.0.52
has caused the Debian Bug report #619408,
regarding apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
619408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619408
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: apache2.2-common: mod_authnz_ldap require directives unrecognized if loaded after mod_authnz_default
From: Brian P Kroth <bpkroth@gmail.com>
Date: Wed, 23 Mar 2011 11:31:00 -0500
Message-id: <20110323163100.29873.39275.reportbug@bobo.cae.wisc.edu>

Package: apache2.2-common
Version: 2.2.16-6
Severity: normal


In the default configuration mod_authnz_ldap.load is symlinked from
mods-available to mods-enabled but that orders it (lexicographically)
after the symlink to load mod_authnz_default.  This causes a number of
ldap specific arguments to the Require definition to be unrecognized and
logged as follows:

[Wed Mar 23 11:04:48 2011] [error] [client 10.10.10.10] access to /auth failed, reason: unknown require directive:"ldap-user bpktest bpkroth"
[Wed Mar 23 11:04:48 2011] [error] [client 10.10.10.10] access to /auth failed, reason: unknown require directive:"ldap-group cn=bpk-test,ou=Group,o=ORG"
[Wed Mar 23 11:04:48 2011] [error] [client 10.10.10.10] access to /auth failed, reason: unknown require directive:"ldap-attribute myacl=unix"
[Wed Mar 23 11:04:48 2011] [error] [client 10.10.10.10] access to /auth failed, reason: user bpktest not allowed access

The relevant tidbits from my .htaccess file are as follows:

# Allow authenticated access
AuthType Basic
AuthName "Restricted Access"

AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldapauth.mydomain.com:389/ou=People,o=ORG?uid"; STARTTLS

AuthLDAPRemoteUserIsDN Off
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off

Require ldap-user bpktest bpkroth
Require ldap-group cn=bpk-test,ou=Group,o=ORG
Require ldap-attribute myacl=unix



Adding another symlink to mod_authnz_ldap.load in mods-enabled as
01-mod_authnz_ldap.load corrects this behavior, albeit with a warning
message on startup (probably avoidable with an if statement around the
load).

Let me know if you need anything else.

Thanks,
Brian

-- Package-specific info:
List of /etc/apache2/mods-enabled/*.load:
  01-authnz_ldap alias auth_basic auth_kerb auth_pam auth_plain
  auth_sys_group authn_file authnz_ldap authz_default authz_groupfile
  authz_host authz_user autoindex cgi deflate dir env include info
  ldap mime mod-security negotiation php5 reqtimeout rewrite rpaf
  setenvif ssl status unique_id vhost_alias wsgi
List of enabled php5 extensions:
  adodb apc curl ffmpeg gd geoip gmp idn imagick interbase lasso ldap
  mcrypt memcache ming mssql mysql mysqli odbc pam_auth pdo pdo_dblib
  pdo_mysql pdo_odbc pdo_pgsql pdo_sqlite pgsql ps pspell radius
  recode redland sasl snmp sqlite sqlite3 ssh2 suhosin tidy uuid
  xmlrpc xsl

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2.2-common depends on:
ii  apache2-utils           2.2.16-6         utility programs for webservers
ii  apache2.2-bin           2.2.16-6         Apache HTTP Server common binary f
ii  libmagic1               5.04-5           File type determination library us
ii  lsb-base                3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii  mime-support            3.48-1           MIME files 'mime.types' & 'mailcap
ii  perl                    5.10.1-17        Larry Wall's Practical Extraction 
ii  procps                  1:3.2.8-9        /proc file system utilities

Versions of packages apache2.2-common recommends:
pn  ssl-cert                      <none>     (no description available)

Versions of packages apache2.2-common suggests:
pn  apache2-doc                 <none>       (no description available)
pn  apache2-suexec | apache2-su <none>       (no description available)
ii  lynx-cur [www-browser]      2.8.8dev.5-1 Text-mode WWW Browser with NLS sup

Versions of packages apache2.2-common is related to:
pn  apache2-mpm-event             <none>     (no description available)
pn  apache2-mpm-itk               <none>     (no description available)
ii  apache2-mpm-prefork           2.2.16-6   Apache HTTP Server - traditional n
pn  apache2-mpm-worker            <none>     (no description available)

-- Configuration Files:
/etc/apache2/mods-available/authnz_ldap.load changed:
# NOTE: This must be loaded before mod_authnz_default to avoid messages like this:
# unknown require directive:"ldap-attribute myacl=unix"
# 2011-03-23
# bpkroth

# Depends: ldap
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 619408-close@bugs.debian.org
Subject: Bug#619408: fixed in libapache2-mod-auth-plain 2.0.52
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 09 Jul 2013 11:47:57 +0000
Message-id: <E1UwWOj-0005qJ-57@franck.debian.org>

Source: libapache2-mod-auth-plain
Source-Version: 2.0.52

We believe that the bug you reported is fixed in the latest version of
libapache2-mod-auth-plain, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619408@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated libapache2-mod-auth-plain package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 Jul 2013 18:36:49 +0100
Source: libapache2-mod-auth-plain
Binary: libapache2-mod-auth-plain
Architecture: source i386
Version: 2.0.52
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 libapache2-mod-auth-plain - Module for Apache2 which provides plaintext authentication
Closes: 619408 666838
Changes: 
 libapache2-mod-auth-plain (2.0.52) unstable; urgency=low
 .
   * QA upload.
   * Port to the Apache 2.2 authentication provider interface (closes:
     #619408).
   * Port to Apache 2.4 (closes: #666838).
Checksums-Sha1: 
 5137951c5b1f1e74f0ca1f79eec677b304180de9 1584 libapache2-mod-auth-plain_2.0.52.dsc
 8d50efb9e20121dd1a73ce9b1edc7faf9ce281c6 9574 libapache2-mod-auth-plain_2.0.52.tar.gz
 9498b52250f38fdabf838f93c1f8af99095e3832 9428 libapache2-mod-auth-plain_2.0.52_i386.deb
Checksums-Sha256: 
 fb0dc9631f4e0115a0c8e3159dbafdb5bc687ba8f52e49b8348ff5345bb528f9 1584 libapache2-mod-auth-plain_2.0.52.dsc
 9a76d98e56e013bb5fcce9566b1702adbae6c4dd8acb6551a6da8ad2c14558a6 9574 libapache2-mod-auth-plain_2.0.52.tar.gz
 904641a865dc8d42a08057c17241c078233b0c91cebb10d520a7e92881cb79e2 9428 libapache2-mod-auth-plain_2.0.52_i386.deb
Files: 
 586786a7226ccdfde547165ee60c6085 1584 web extra libapache2-mod-auth-plain_2.0.52.dsc
 4661caf1f25b86a099d4b0edcd783a45 9574 web extra libapache2-mod-auth-plain_2.0.52.tar.gz
 0f1b64f9c6410c3d40787af335a7f73d 9428 web extra libapache2-mod-auth-plain_2.0.52_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBUdv2mzk1h9l9hlALAQg+yg/9G1CyiSXDMJw/t5FbdQJ4GwCGDcK1oWAS
MMPS+B4oczxQe+xXJ5HLdrbJK1shcErcrYjd0WzH/wmRXnbxD5MHo1aPB+tHqtkj
mqT4+N/vn09fCTUI6vpdN8omAkQwcd91zXJPI7XDlUXBoOvSQ+LIuJDsL6npcOhz
vFkC+HLspHz6xt0KRIroZj2FW852S4+mc5swLi/BG+QvxqjAk/thGE9IrdaOZ0u5
AzhhkQHphklLHTBtN7CgRK/55X43C+vATXC0to2JoYZ2m//3m9qT6CEPV4xpGBLD
EBkb/Sxm2iR9NS6K3fgqYfOwE/zqaBm7nVW7oePYgiBfHMER7f34IyMfelxW1L9I
AyBKAFBpCG8HsWi7sefJc9V5OXkDJNvBXvLSfwC0CR3Upcik5pmN7GjkmZDmS5yC
HlY0vGFuImsFWxl3c5Sm3YAmUSiPD88Fm0c5x5Uh2Bjowm/8dSwfQuKtqNH9tx/N
4UX+7KAMo5SxY1lIqssjE/e9Mwl62sj0/4I/crLBea+myK8KUVFEU78SB2eijc/o
FyGfJvV9bsFidkeN32rqUQv21gpB4MwXn3Nkv0W3QWxPQbqQqgliKqBcM7Mmud+n
f1CletV/rVaxIkm8QiLxhJZBkHXywkztxFYi2opdrR/ef6z7nNrH0rZHIX7sK/Xz
68G+UC8AsGk=
=nsjy
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Les plus belles destinations asiatiques avec l'Atelier du voyage
Next by Date: Bug#666838: marked as done (libapache2-mod-auth-plain: sourceful transition towards Apache 2.4)
Previous by thread: fsvs_1.2.5-1_i386.changes ACCEPTED into unstable
Next by thread: Bug#666838: marked as done (libapache2-mod-auth-plain: sourceful transition towards Apache 2.4)
Index(es):
- Date
- Thread