0

For a PHP Project I need authorisation via LDAP. I have enabled the module with creating a link in mods-enabled:

sudo ln -s /etc/apache2/mods-available/authnz_ldap.load /etc/apache2/mods-enabled/authnz_ldap.load

When restarting DDEV I get this error:

Failed to restart BuildCenter: web container failed: log=phpstatus FAILED, err=container /ddev-BuildCenter-web unhealthy: phpstatus FAILED

Calling the website with a browser show this error:

502: Unresponsive/broken ddev back-end site.

Any hints how to configure LDAP within DDEV?

Michael Oehlhof
  • 51
  • 6
  • Maybe a problem reaching the LDAP server with the IP 172.16.16.2 ? How can I configure the router to reach this IP Address? – Michael Oehlhof Nov 29 '18 at 08:38
  • I have added loading the ldap module `sudo ln -s /etc/apache2/mods-available/ldap.load /etc/apache2/mods-enabled/ldap.load` and moved the files into a subdirectory. Now the 502 is gone but accessing the subdirectory results in a 500 and "ddev logs" shows `/var/www/html/bc/.htaccess: Unknown Authn provider: ldap` – Michael Oehlhof Nov 29 '18 at 13:35
  • I'd use `sudo a2enmod authnz_ldap` rather thann linking as you do, although the result should be the same. https://stackoverflow.com/questions/52949945/how-can-i-enable-an-apache-module-on-ddev has more detail. Basically, whatever you're doing is creating an invalid apache config. – rfay Nov 29 '18 at 17:27
  • Why is it an invalid apache config if I need to enable the ldap module? – Michael Oehlhof Nov 30 '18 at 06:44
  • Well, I'm just saying it's invalid because once you make the change the way you're making it, apache can't start. So that's the problem you have to start out. From afar, it appears that this is a standard server configuration problem that isn't working right yet. Use `apachectl -t` to see complaints apache may have about config. – rfay Nov 30 '18 at 12:50
  • I have changed the apache configuration with `sudo a2enmod` like described in the question you mentioned. I have also moved my project into a subfolder. Apache starts but I already get the 500 when accessing the subfolder. The problem must be the not accessible LDAP server from the DDEV web container. – Michael Oehlhof Dec 03 '18 at 08:07
  • You can test your ldap connection inside the container with `ddev ssh` and then use whatever ldap client tools you need (like `telnet` or `nc`) to test connectivity. We're happy to give more interactive support in the Drupal or TYPO3 #ddev channels, https://ddev.readthedocs.io/en/stable/#support – rfay Dec 04 '18 at 14:59

1 Answers1

1

Found the problem. The project was running with apache 2.2.22 and with ddev apache 2.4.25 is used. After removing 'AuthzLDAPAuthoritative' from the .htaccess file it works.

Michael Oehlhof
  • 51
  • 6