Apache auth

Ritmo2k · Post by **Ritmo2k** » Sun Sep 06, 2015 10:37 pm

We use ldap auth and hence I I have created users in zm to apply the specific settings a given user needs however I get all kinds of intermittent errors with socket files and broken streaming.

The http config I am using looks like:

Code: Select all

<VirtualHost *:80>
    ServerName      foo.domain.com
    ServerAlias     foo.domain.com
    DocumentRoot    /usr/share/zoneminder/www

    <Location />
      Options -Indexes +MultiViews +FollowSymLinks
      AllowOverride All
      <RequireAll>
        AuthType Basic
        AuthName "Security DVR Access"
        AuthBasicAuthoritative On
        AuthBasicProvider ldap
        ...
      </RequireAll>
    </Location>

    ScriptAlias /cgi-bin-zm "/usr/libexec/zoneminder/cgi-bin"
    <Directory "/usr/libexec/zoneminder/cgi-bin">
      AllowOverride All
      Options ExecCGI
      <RequireAll>
        AuthType Basic
        AuthName "Security DVR Access"
        AuthBasicAuthoritative On
        AuthBasicProvider ldap
        ...
      </RequireAll>
    </Directory>
</VirtualHost>

Zoneminder is setup with OPT_USE_AUTH: enabled, AUTH_TYPE: remote, AUTH_RELAY: hashed.

I get many socket failures and "Unable to authenticate user" lines in the log. This is using current packages from zmrepo on Centos7 with selinux set to permissive. Without external auth everything works fine.

Setting AUTH_RELAY: none seems to resolve the socket and "Unable to authenticate user".

For the sake of correctness, what is the suggested practice for this use case where authentication is delegated to apache but zoneminder controls authorization?

Thanks!