具有LDAP的Apache无法进行身份验证和转发

时间:2016-02-29 09:04:02

标签: apache ldap haproxy proxypass

我在机器上配置了Apache,并将代理配置到实际应用程序,使用LDAP进行授权。

例如,Apache中的form_auth.conf就是这样的

 <Location /myapp/home/j_security_check>
    ErrorDocument 401 /myapp/home/login.jsp
    AuthType form
    AuthName form_auth
    SetHandler form-login-handler
    LDAPReferrals Off
    AuthFormProvider ldap
    AuthLDAPURL "ldaps://details"
    AuthLDAPBindDN “details"
    AuthLDAPBindPassword “a£456&89"
    AuthFormLoginSuccessLocation http://10.1.5.55:8080/myapp/
    Session On
    SessionCookieName mysession path=/
    SessionCryptoPassphrase secretpass
    SessionCryptoCipher aes128
    SessionMaxAge 1800
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
    Require valid-user
    Order allow,deny
    Allow from all
    AuthFormFakeBasicAuth On
</Location>
<LocationMatch "^/(myapp)">
        AuthFormProvider ldap
        AuthLDAPURL     "ldaps:details"          
        AuthLDAPBindDN "CN=UNIX TEST0 SZ Service Account,OU=Environments,OU=User,OU=Delegated,DC=test,DC=LOCAL"
        AuthLDAPBindPassword "a£456&89"
        AuthType form
        AuthName form_auth
        AuthFormLoginRequiredLocation http://10.1.5.55/myapp/home/login.jsp
        Session On
        SessionCookieName mysession path=/
        SessionCryptoPassphrase secretpass
        SessionCryptoCipher aes128
        SessionMaxAge 1800
        Require valid-user
        Order allow,deny
        Allow from all
        AuthFormFakeBasicAuth On
</LocationMatch>
ProxyPass /myapp http://10.1.5.55:8080/myapp max=480 retry=0 keepalive=On
ProxyPassReverse /myapp http://10.1.5.55:8080/myapp

现在从本地机器我在端口9090上通过8080端口到Apache服务器上建立隧道。

在浏览器中输入“{{3}}”

向我展示了Apache index.html页面,我可以在Apache服务器上看到日志。当我尝试访问localhost:9090 / myapp时,我可以看到浏览器URL更改为10.1.5.55:8080/myapp/home/login.jsp但没有响应和超时。

在Apache错误日志上 - 访问Apache的第一个URL,我的日志就像这样

AH01502:标题:ap_headers_output_filter()

 [authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of Require all granted: granted

[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of <RequireAny>: granted

[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of Require all granted: granted

[authz_core:debug] [pid 26517] mod_authz_core.c(802): [client 10.6.1.10:55334] AH01626: authorization result of <RequireAny>: granted

当我尝试访问myapp时,我会收到此日志并超时

mod_authz_core.c(802): [client 10.6.1.10:55347] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

[authz_core:debug] [pid 26518] mod_authz_core.c(802): [client 10.6.1.10:55347] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

[core:debug] [pid 26518] util_cookies.c(59): [client 10.6.1.10:55347] AH00007: ap_cookie: user '(null)' set cookie: 'myapp2session=3x/IdXV5SmKhepiUQ8kUSLw/6Dwv9vxc97x78JhsOZrGF2Tx8Y5TnH7uf0fOfI2+czX3ZB6m92dJSlMttrX1VA==;Max-Age=1800;path=/'

[headers:debug] [pid 26518] mod_headers.c(848): AH01503: headers: ap_headers_error_filter()

[core:info] [pid 26514] [client 10.6.1.10:55348] AH00128: File does not exist: /var/www/html/myapp/home/login jsp

我显示了表单输出。

我的配置中缺少什么,因为这是在不同环境中的工作配置。

0 个答案:

没有答案