https://bz.apache.org/bugzilla/show_bug.cgi?id=66375
Bug ID: 66375
Summary: The documentation for AuthzProviderAlias looks wrong.
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: sebb@apache.org
Target Milestone: ---
The documentation for AuthzProviderAlias [1] looks wrong.
AFAICT including 'Require all granted' means that anyone can access
the directory.
This is borne out by my local testing.
If I remove the Require line, then httpd complains "AuthUserFile not
specified in the configuration". Presumably this is because auth is
now needed, but the config is incorrect.
If I change AuthBasicProvider to ldap, it complains that AuthLDAPUrl is
missing.
It would make more sense if the example used LDAP for both authn and authz, but
another way to fix it would be to add a AuthUserFile line.
Also the example AuthzProviderAlias entries seem very contrived.
It might make more sense to use an example of two LDAP groups which use
different attributes to hold their members. e.g. some use member (which is
normally a DN) and some use memberUid (which is normally just the Uid).
[1] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzalias
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
Bug ID: 66375
Summary: The documentation for AuthzProviderAlias looks wrong.
Product: Apache httpd-2
Version: 2.4-HEAD
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: sebb@apache.org
Target Milestone: ---
The documentation for AuthzProviderAlias [1] looks wrong.
AFAICT including 'Require all granted' means that anyone can access
the directory.
This is borne out by my local testing.
If I remove the Require line, then httpd complains "AuthUserFile not
specified in the configuration". Presumably this is because auth is
now needed, but the config is incorrect.
If I change AuthBasicProvider to ldap, it complains that AuthLDAPUrl is
missing.
It would make more sense if the example used LDAP for both authn and authz, but
another way to fix it would be to add a AuthUserFile line.
Also the example AuthzProviderAlias entries seem very contrived.
It might make more sense to use an example of two LDAP groups which use
different attributes to hold their members. e.g. some use member (which is
normally a DN) and some use memberUid (which is normally just the Uid).
[1] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzalias
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org