Windows
在 windows apache 2.4 中看不到 ldap 變數
在 windows apache (2.4) 上工作,我想對 LDAP 伺服器的使用者進行身份驗證
我在 httpd.conf 中有以下內容
<Directory "C:\Apache24\htdocs"> LDAPReferrals Off AuthBasicProvider ldap AuthName "LDAP NAME" AuthType Basic AllowOverride None Options Indexes FollowSymLinks Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token" </Directory>以及正確文件夾中的 .htaccess 文件中的以下內容
AuthLDAPBindDN "CN=USER,CN=Users,DC=YY,DC=ZZZZZZZ,DC=QQQ" AuthLDAPBindPassword "PASSWORD" Require all denied AuthLDAPUrl ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*) Require valid-user AuthLDAPRemoteUserAttribute sAMAccountName AuthLDAPRemoteUserIsDN on當我訪問該站點時,我收到使用者提示,輸入正確的憑據確實可以讓我進入該站點(輸入錯誤的憑據會得到 401 - 好的)
我的問題是我需要“檢查”誰是訪問該站點的使用者,我知道 LDAP 應該在環境變數中的“REMOTE_USER”下插入訪問該站點的使用者名 - 但在 CMD 上檢查“設置”,並檢查
os.envrion(在python上-伺服器端是用python編寫的)什麼也沒顯示..編輯:
目前的 httpd.conf 文件是:
<Directory "C:\Apache24\htdocs"> LDAPReferrals Off AuthBasicProvider ldap AuthName "LDAP NAME" AuthType Basic AllowOverride AuthConfig Options Indexes FollowSymLinks Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT" Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token" </Directory>目前的 .htaccess 文件是:
AuthLDAPBindDN "CN=USER,CN=Users,DC=YY,DC=ZZZZZZZ,DC=QQQ" AuthLDAPBindPassword "PASSWORD" Require all denied AuthLDAPUrl ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*) Require valid-user我已經打開了 Apache 調試日誌,看到下面是相關日誌 - 顯示他確實“接受”了我的使用者名..但仍然無法從環境變數中“獲取”它..
Tue Jul 04 14:28:44.088576 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of Require all denied: denied Tue Jul 04 14:28:44.089582 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of Require valid-user : granted Tue Jul 04 14:28:44.089582 2017] [authz_core:debug] [pid PID1:tid TID1] mod_authz_core.c(806): [client IP:PORT1] AH01626: authorization result of <RequireAny>: granted Tue Jul 04 14:28:44.558595 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all granted: granted, referer: http://domain Tue Jul 04 14:28:44.558595 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: granted, referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all denied: denied, referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authnz_ldap:debug] [pid PID1:tid TID2] mod_authnz_ldap.c(515): [client IP:PORT2] AH01691: auth_ldap authenticate: using URL ldap://ldapIP:LDAPPORT/CN=XXX,DC=YY,DC=ZZZZZZZ,DC=QQQ?sAMAccountName?sub?(objectClass=*), refrer: http://domain Tue Jul 04 14:28:44.559596 2017] [authnz_ldap:debug] [pid PID1:tid TID2] mod_authnz_ldap.c(612): [client IP:PORT2] AH01697: auth_ldap authenticate: accepting **USERNAME**, referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require all denied: denied, referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of Require valid-user : granted, referer: http://domain Tue Jul 04 14:28:44.559596 2017] [authz_core:debug] [pid PID1:tid TID2] mod_authz_core.c(806): [client IP:PORT2] AH01626: authorization result of <RequireAny>: granted, referer: http://domain有任何想法嗎?謝謝。
我設法解決了這個問題。
需要訪問 WSGI 環境變數,我的應用程序使用 falcon over apache 執行 - 因此通過中間件 API 類訪問正確的變數 - falcon 將這些變數附加到 Request 類中的“env”字典中。
class AuthMiddleware(object): def process_request(self, req, resp): #auth validation here