Issue with fcgi+LDAP

3 posts / 0 new
Last post
#1 Tue, 04/28/2009 - 03:46
marcot

Issue with fcgi+LDAP

Hello *,

after going through my way to install Virtualmin it looks like I´m now stuck at some point, already trying to figure it out for several days (nights).

OS: CentOS5.3, I´m keeping my Users + Groups in LDAP, install.sh had been utilized and bleeding edge repo used (for PHP5.2.x).

Enabled fcgi by adding the wrapper file and the directives, giving it permissions of the user and chmodding it to 750.

Migrated a P*** 8 domain into the system.

Note: When deleting a migrated domain the corresponding LDAP user gets deleted, however the group user does not get deleted from LDAP groups.

It looks like the users+groups stored in LDAP cannot be used as users for fcgi execution, I´ve only been successful when adding them additionally and manually to "standard" User+Group section.

Is this the only way of doing it, am I missing something ? My stomach tells me that I do...

Rgds, Marco

Tue, 04/28/2009 - 11:02
Joe
Joe's picture

FCGI has nothing to do with users. It can't possibly be effected by LDAP.

Do you mean suexec?

If so, assuming you've got your system properly configured to use LDAP for users and groups (and UID/GID lookups work normally), I would think it should work just fine.

A googling turns up this result right here in our very own forum...might be worth a read (and if it's not the source of your trouble, it'll at least serve as a reminder that we need to see some relevant log entries to be able to provide useful answers; otherwise we're just guessing wildly):

http://www.virtualmin.com/forums/virtualmin/virtualmin-gpl-ldap-and-suex...

And, of course, I'm just assuming you've read the LDAP guide written by Jamie:

http://www.virtualmin.com/documentation/id,combining_virtualmin_and_ldap/

Again, I actually have very little idea how LDAP works in a virtual hosting environment. Just did a little googling and such.

--

Check out the forum guidelines!

Tue, 04/28/2009 - 11:39 (Reply to #2)
marcot

Hi Joe,

thanks for your swift reply - indeed I was talking about suexec.

I´ve been reading all of the posts within this forum and out on the net on the issue, and I´ve been setting up LDAP according to Jamie´s Post.

LDAP lookup works fine for stuff like Mail, FTP etc, however suesec seems to rely on /etc/passwds, which does not contain the accounts created in LDAP.

Scenario is:

* create user/group in LDAP automatically (works fine)
* set domain to fcgi as per the sticky post (breaks)

At this point I´ll need to add the user/domain once again in /etc/passwds with exactly the same UID/GID than the LDAP one.

After having done this fcgi+suexec works fine.

Hence the basic mechanisms work I´m unshure which logfiles could be of interest (wrapper and suexec do work in general... it´s just about suexec retrieving the UID/GID from LDAP rather than files).

That´s also the area which is a big white cloud to me, and my tries to find good tuorials in the net failed so far - any suggestions on (tutorial/info) links are more than welcome.

Rgds,
Marco

Topic locked