I have psldap globally configured with PsLDAPEnableAuth turned off, but I'm still confronted with an "Authorization Required" message when I try to access a resource. What's wrong?
I suspect that was has happened is that you have defined one of the following in a parent directory:
AuthType cookie
AuthName "Some Auth"
require valid-user
When we set the PsLDAPEnableAuth to 'off', psldap will decline the request for authentication and allow another authentication mechanism to handle the authentication / authorization request processing. If no other mechanism is present, the server will correctly deny access to the user. What you really need to do to completely turn off authentication is to ensure the AuthType, AuthName, and require settings are not present.
If you really want to disable authentication and authorization completely in Apache for a given resource / directory under a protected location, add the following line to the configuration:
Satisfy any
Authentication doesn't work in my configuration. I get a message as a notice in my syslog stating the following: "LDAP user XXX not found or password invalid." What is happening?
mod_psldap authenticates the user by opening up a LDAP connection using the provided credentials. One of the credentials is an attribute in the user's record. In order to get the dn to perform a login, mod_psldap must first search the LDAP store for the records with an attribute value that matches the one provided by the user. It will perform this search first using the parameters provided in the PsLDAPBind* attributes and then attempt an anonymous search of the LDAP store. A failure to autheticate indicates one of two conditions: