AuthBasicProvider not allowed here

During vhost provisions with LDAP auth I was seeing errors:

root@test:~# /etc/init.d/apache2 restart
Syntax error on line 30 of /etc/apache2/sites-enabled/000-default:
AuthBasicProvider not allowed here
Action 'configtest' failed.
The Apache error log may have more information.

I had to do some digging to understand the problem.
LDAP auth by Vhosts need to be included into Directory tags to function. If we want to have them globally working we need to set them up in the / directory tag.
My solutions was following:

root@test:~# cat /etc/apache2/sites-enabled/000-default
<VirtualHost *:80>
        ServerAdmin webmaster@test.test
        ServerName test.test

        DocumentRoot /var/www
        <Directory />
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                AllowOverride None
                Order allow,deny
                allow from all

                AuthBasicProvider ldap
                AuthType Basic
                AuthzLDAPAuthoritative on
                AuthName "Web Browsing"
                AuthLDAPURL "ldap://ldap.test/ou=People,dc=test?userid?sub?(objectClass=*)" NONE
                AuthLDAPBindDN "cn=proxyuser,ou=People,dc=test"
                AuthLDAPBindPassword IamAsecret
                Require valid-user
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined

Also a short reminder, dont forget to enable modules:

root@ricardo:~# a2enmod authnz_ldap
Considering dependency ldap for authnz_ldap:
Module ldap already enabled
Module authnz_ldap already enabled

Author: S4mur4i

Happy in the unhappy world.

2 thoughts on “AuthBasicProvider not allowed here”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s