4

have put together a frankenconfig from a few articles that is giving me a few issues. What I am trying to do is create a reverse proxy for splunk that adds authentication against our ldap directory and wraps the the http splunk page in ssl.

This config is working correctly:

NameVirtualHost *:80

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

This config is shows the auth method I am hoping to use however it throws a server error after auth completes:

NameVirtualHost *:80

<VirtualHost *:80>
    <Proxy *>
        Order deny,allow
        Deny from All
        AuthName "Authorisation"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on
        AuthLDAPUrl "ldaps://10.0.0.66:636/cn=users,cn=accounts,dc=example,dc=net?uid"
        Require ldap-group cn=ipausers,cn=groups,cn=accounts,dc=example,dc=net
        Satisfy any
    </Proxy>
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://localhost:8000/
    ProxyPassReverse / http://localhost:8000/
</VirtualHost>

Environment:

  • Linux splunk.test.example.net 2.6.32-431.5.1.el6.x86_64 #1 SMP Wed Feb 12 00:41:43 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
  • httpd-2.2.15-30.el6.centos.x86_64
  • mod_ssl-2.2.15-30.el6.centos.x86_64
  • openssl-1.0.1e-16.el6_5.4.x86_64

Any help would be greatly appreciated.

Richard Hansen
  • 51,690
  • 20
  • 90
  • 97
davetayl
  • 113
  • 1
  • 7
  • You're off-topic, but you also need to show the rest of the mod_ldap configuration, specifically how you tell it to search for users and groups. – user207421 Apr 08 '14 at 01:40
  • That is the full config aside from the default for apache/centos. The config is taken from a working .htaccessfile – davetayl Apr 08 '14 at 02:35

0 Answers0