You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rodrigo Montenegro <mo...@gmail.com> on 2010/05/07 22:00:11 UTC
[users@httpd] Authenticating Apache against multiple groups in LDAP
Hey Guys!
I have the following scenario. I want to authenticate and authorize users in
a Apache server against an LDAP server.
The things is that there is so a need to make this authorization checking up
if the user is in one of many groups.
The question is: is that possible? If it is, how can I make it happen?
I have sucess on doing this authorization against one single group, but not
search in many.
<Location /somepath>
AuthType Basic
AuthName "Secret path"
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org
AuthzLDAPAuthoritative on
AuthLDAPBindDN "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org"
AuthLDAPBindPassword "servicepwd"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org
</Location>
In group1 there is a list in uniqueMember attribute containing all the DN
users.
Please help!
____________________________________________
Rodrigo Montenegro de Oliveira
Re: [users@httpd] Authenticating Apache against multiple groups in
LDAP
Posted by Rodrigo Montenegro <mo...@gmail.com>.
Thanks, Eric! You saved my life!
____________________________________________
Rodrigo Montenegro de Oliveira
On Fri, May 7, 2010 at 17:04, Eric Covener <co...@gmail.com> wrote:
> On Fri, May 7, 2010 at 4:00 PM, Rodrigo Montenegro
> <mo...@gmail.com> wrote:
> > Hey Guys!
> >
> > I have the following scenario. I want to authenticate and authorize users
> in
> > a Apache server against an LDAP server.
> > The things is that there is so a need to make this authorization checking
> up
> > if the user is in one of many groups.
> > The question is: is that possible? If it is, how can I make it happen?
> >
> > I have sucess on doing this authorization against one single group, but
> not
> > search in many.
> >
> > <Location /somepath>
> >
> > AuthType Basic
> > AuthName "Secret path"
> > AuthBasicProvider ldap
> > AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org
> > AuthzLDAPAuthoritative on
> > AuthLDAPBindDN
> "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org"
> > AuthLDAPBindPassword "servicepwd"
> >
> > AuthLDAPGroupAttribute uniqueMember
> > AuthLDAPGroupAttributeIsDN on
> >
> > require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org
> >
> > </Location>
> >
> > In group1 there is a list in uniqueMember attribute containing all the DN
> > users.
>
> Just repeat the require for each group. Membership in any group lets them
> in.
>
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Authenticating Apache against multiple groups in
LDAP
Posted by Eric Covener <co...@gmail.com>.
On Fri, May 7, 2010 at 4:00 PM, Rodrigo Montenegro
<mo...@gmail.com> wrote:
> Hey Guys!
>
> I have the following scenario. I want to authenticate and authorize users in
> a Apache server against an LDAP server.
> The things is that there is so a need to make this authorization checking up
> if the user is in one of many groups.
> The question is: is that possible? If it is, how can I make it happen?
>
> I have sucess on doing this authorization against one single group, but not
> search in many.
>
> <Location /somepath>
>
> AuthType Basic
> AuthName "Secret path"
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org
> AuthzLDAPAuthoritative on
> AuthLDAPBindDN "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org"
> AuthLDAPBindPassword "servicepwd"
>
> AuthLDAPGroupAttribute uniqueMember
> AuthLDAPGroupAttributeIsDN on
>
> require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org
>
> </Location>
>
> In group1 there is a list in uniqueMember attribute containing all the DN
> users.
Just repeat the require for each group. Membership in any group lets them in.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authenticating Apache against multiple groups in
LDAP
Posted by Rodrigo Montenegro <mo...@gmail.com>.
Yeah James, I thought that too, but the groups are a bit different for other
urls.
____________________________________________
Rodrigo Montenegro de Oliveira
On Fri, May 7, 2010 at 17:06, James Zuelow <Ja...@ci.juneau.ak.us>wrote:
>
> >From: Rodrigo Montenegro [mailto:montenegro.r@gmail.com]
> >Sent: Friday, 07 May, 2010 12:00
> >To: users@httpd.apache.org
> >Subject: [users@httpd] Authenticating Apache against multiple groups in
> LDAP
>
>
> >Hey Guys!
>
> >I have the following scenario. I want to authenticate and authorize users
> in a Apache server against an LDAP server.
> >The things is that there is so a need to make this authorization checking
> up if the user is in one of many groups.
> >The question is: is that possible? If it is, how can I make it happen?
>
> >I have sucess on doing this authorization against one single group, but
> not search in many.
>
>
>
> Would it be too much of a problem to simply make a single group, that has
> as members all of the groups you are interested in?
>
> James
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
RE: [users@httpd] Authenticating Apache against multiple groups in
LDAP
Posted by James Zuelow <Ja...@ci.juneau.ak.us>.
>From: Rodrigo Montenegro [mailto:montenegro.r@gmail.com]
>Sent: Friday, 07 May, 2010 12:00
>To: users@httpd.apache.org
>Subject: [users@httpd] Authenticating Apache against multiple groups in LDAP
>Hey Guys!
>I have the following scenario. I want to authenticate and authorize users in a Apache server against an LDAP server.
>The things is that there is so a need to make this authorization checking up if the user is in one of many groups.
>The question is: is that possible? If it is, how can I make it happen?
>I have sucess on doing this authorization against one single group, but not search in many.
Would it be too much of a problem to simply make a single group, that has as members all of the groups you are interested in?
James
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org