[racktables-users] Re: httpd authentication

> That's the thing. The boxes were all blank which left me a little
> confused (no php warnings either). I changed the code a bit to get it
> working for what I needed. The resulting change allowed username's which

The change looks more like a short-circuit, to be honest, and I would
never run it this way with valuable data.

> authed against ldap to login if they had a corresponding local username
> in the racktables database (I'm using a blank password for the database

Having "$require_local_account = FALSE" should do quite the opposite:
it makes a local record not necessary for successful authentication of
LDAP one. Let me make it clear, when user's password is verified in
LDAP, the password from database is never used. So you could set it to,
say, "123", or any randomly-generated password.

> user because I'm not interested in keeping them synced). I would have
> thought that have "require_local_account = FALSE;"  would not require
> the database user to even exist, but it actually had a nice side-effect,
> unexpected, but nice nonetheless (because it allowed me to re-use a
> pre-existing Web OU in ldap and still limit particular users from
> logging in). Below is my non-fancy diff:

I'd suggest reverting the changes back to "vanilla" code and trying to
configure/debug it that way.

Other related posts: