Bug 66375 - The documentation for AuthzProviderAlias looks wrong.
Summary: The documentation for AuthzProviderAlias looks wrong.
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Documentation (show other bugs)
Version: 2.4-HEAD
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: HTTP Server Documentation List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-04 17:43 UTC by Sebb
Modified: 2022-12-04 17:43 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebb 2022-12-04 17:43:24 UTC 
The documentation for AuthzProviderAlias [1] looks wrong.

AFAICT including 'Require all granted' means that anyone can access
the directory.
This is borne out by my local testing.

If I remove the Require line, then httpd complains "AuthUserFile not
specified in the configuration". Presumably this is because auth is
now needed, but the config is incorrect.

If I change AuthBasicProvider to ldap, it complains that AuthLDAPUrl is missing.

It would make more sense if the example used LDAP for both authn and authz, but another way to fix it would be to add a AuthUserFile line.

Also the example AuthzProviderAlias entries seem very contrived.

It might make more sense to use an example of two LDAP groups which use different attributes to hold their members. e.g. some use member (which is normally a DN) and some use memberUid (which is normally just the Uid).


[1] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzalias