Posted to users@httpd.apache.org by "Tony Rice (trice)" <tr...@cisco.com> on 2009/10/01 23:18:49 UTC

[users@httpd] group authorization via LDAP

I'm trying to convert from DBM file based authentication and
authorization to LDAP based authentication and authorization in Apache
2.2.11.

We've already got a large number of .htaccess files with specific
configs for individual directories that are using "require user" and
"require group".  Is it possible to configure the Apache server to allow
those .htaccess to continue to work as expected or must we change them to
"require ldap-user" and "require ldap-group"?

I'm digging through the mod_authnz_ldap docs but the config to specify
the base for group authorization (in my case: "ou=GroupStuff,ou=Our
Groups,dc=Company,dc=Com") just isn't jumping out at me.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


RE: [users@httpd] group authorization via LDAP

Posted by "Tony Rice (trice)" <tr...@cisco.com>.
Thanks, makes sense and works well using require ldap-filter.

-Tony


> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Friday, October 02, 2009 3:38 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] group authorization via LDAP
> 
> > AuthLDAPGroupAttribute memberOf
> >
> > require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >
> > My LDAP entry (using the URL above) looks like this:
> > dn: CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: user
> > cn: trice
> > <you don't care what my address, mailbox number, etc. is so ... snip>
> > memberOf: CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
> > memberOf: CN=admins,OU=Standard,OU=Company Groups,DC=dev,DC=company,DC=com
> > department: 8675309
> > company: Company, Inc.
> 
> 
> Your config looks for entries like this in ldap:
> 
> cn: =mygroup,OU=Grou....
>   memberOf: trice
>   memberOf: bob
>   ...
> 
> Your LDAP setup should use require ldap-filter to find a memberOf
> under the _user_ that signifies membership in a group, or find how the
> groups entry lists users (not memberOf, but something like member or
> uniqueMember).  ldap-filter starts at the user and looks for stuff,
> ldap-group starts at the group and looks for an entry listing your
> user.
> 
> --
> Eric Covener
> covener@gmail.com
> 




Re: [users@httpd] group authorization via LDAP

Posted by Eric Covener <co...@gmail.com>.
> AuthLDAPGroupAttribute memberOf
>
> require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
>
> My LDAP entry (using the URL above) looks like this:
> dn: CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: trice
> <you don't care what my address, mailbox number, etc. is so ... snip>
> memberOf: CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
> memberOf: CN=admins,OU=Standard,OU=Company Groups,DC=dev,DC=company,DC=com
> department: 8675309
> company: Company, Inc.


Your config looks for entries like this in ldap:

cn: =mygroup,OU=Grou....
  memberOf: trice
  memberOf: bob
  ...

Your LDAP setup should use require ldap-filter to find a memberOf
under the _user_ that signifies membership in a group, or find how the
groups entry lists users (not memberOf, but something like member or
uniqueMember).  ldap-filter starts at the user and looks for stuff,
ldap-group starts at the group and looks for an entry listing your
user.

-- 
Eric Covener
covener@gmail.com
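Eric's distinction above (ldap-filter starts at the authenticated user's entry, ldap-group starts at the group's entry) written out as an added httpd 2.2 / mod_authnz_ldap configuration; this is an editor's example, not Tony's or Eric's config. The DNs, hostname and attribute names are taken from the thread; the directory paths, the LDAPS port and the CA certificate path are assumptions.

```apache
# Added example (not from the thread): httpd 2.2 with mod_ldap + mod_authnz_ldap.
# DNs, host and attribute names are Tony's; paths and the LDAPS port are assumed.

# Server context. Tony's log shows "auth_ldap not using SSL connections", so the
# bind DN's password and every user password crossed the wire in clear. With
# LDAPS the server certificate is checked against this CA (assumed path).
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/certs/company-ldap-ca.pem
LDAPVerifyServerCert On

<Directory /var/www/intranet>
    AuthName "Active Directory"
    AuthType Basic
    AuthBasicProvider ldap
    # Same search base and attribute as the thread, over LDAPS instead of ldap://389.
    AuthLDAPUrl "ldaps://dev.company.com:636/OU=Company Users,DC=dev,DC=company,DC=com?cn?sub?"
    AuthLDAPBindDN "CN=mybinduser,OU=Generics,OU=Company Users,DC=dev,DC=company,DC=com"
    AuthLDAPBindPassword secret
    AuthLDAPRemoteUserAttribute cn
    AuthzLDAPAuthoritative on

    # A: start at the user. mod_authnz_ldap ANDs this filter with (cn=<user>) and
    # grants access only if the search returns the authenticated user's own DN.
    # The rest of the line is the filter (no quotes), so the spaces in the DN are fine.
    # No "Require valid-user" here: as Eric notes, mod_authnz_ldap does not handle
    # it, so this group test alone decides authorization for this tree.
    Require ldap-filter memberOf=CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Directory>

# B: start at the group. ldap-group compares the user's DN against the attribute
# on the *group* entry that lists its members. An AD group carries "member";
# it has no "memberOf", which is exactly the "No such attribute" in Tony's log
# when AuthLDAPGroupAttribute was set to memberOf. The Require in this
# sub-directory replaces the inherited one; the Auth* settings are inherited.
<Directory /var/www/intranet/admins>
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=admins,OU=Standard,OU=Company Groups,DC=dev,DC=company,DC=com
</Directory>
```

With LogLevel debug, a denied request under B logs "auth_ldap authorise: require group ... authorisation failed" as in Tony's post, but the compare now runs against the group's member values rather than a non-existent attribute.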



RE: [users@httpd] group authorization via LDAP

Posted by "Tony Rice (trice)" <tr...@cisco.com>.
One other wrinkle to add to this.  I can get "require ldap-group" to
work, but only if all the Auth config lines are in the .htaccess file.
If they're in the httpd.conf file and only require lines are in the
.htaccess file, require ldap-group produces the errors below (though
"require valid-user" and "require ldap-filter" work fine either way).

-Tony


> -----Original Message-----
> From: Tony Rice (trice)
> Sent: Friday, October 02, 2009 1:52 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] group authorization via LDAP
> 
> I'm able to do LDAP based group authorization when I specify the group
> info as a filter in the LDAP URL but I'd like to configure a more
> generic LDAP string in the apache config and allow users to control
> access by group membership using .htaccess files.  I'm able to
> authenticate based on userid/password but can't seem to get the config
> quite right to authorize based on group membership.
> 
> These memberships are in the memberOf attribute on User records.  In
> the LDAP tree, users are in OU=Company Users, groups are in OU=GroupStuff
> and OU=Standard under OU=Company Groups.
> 
> The log files complain that an attribute can't be found for the group
> value specified.  Any ideas?
> 
> 
> My ldap config looks like this:
> AuthName "Active Directory"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPBindDN "CN=mybinduser,OU=Generics,OU=Company Users,DC=dev,DC=company,DC=com"
> AuthLDAPBindPassword secret
> AuthLDAPRemoteUserAttribute cn
> 
> AuthLDAPUrl "ldap://dev.company.com:389/OU=Company Users,DC=dev,DC=company,DC=com?cn?sub?"
> AuthzLDAPAuthoritative on
> AuthLDAPGroupAttribute memberOf
> 
> .htaccess file looks like this:
> require valid-user
> require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
> 
> 
> Logs look like this:
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(875): [6756]
> auth_ldap url parse: `ldap://dev.company.com:389/OU=Company
> Users,DC=dev,DC=company,DC=com?cn?sub?'
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(884): [6756]
> auth_ldap url parse: Host: dev.company.com:389
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(886): [6756]
> auth_ldap url parse: Port: 389
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(888): [6756]
> auth_ldap url parse: DN: OU= Company Users,DC=dev,DC=company,DC=com
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(890): [6756]
> auth_ldap url parse: attrib: cn
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(892): [6756]
> auth_ldap url parse: scope: subtree
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(897): [6756]
> auth_ldap url parse: filter: (null)
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(977): LDAP:
> auth_ldap not using SSL connections
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(377): [client
> 64.102.41.173] [6756] auth_ldap authenticate: using URL
> ldap://dev.company.com:389/OU= Company
> Users,DC=dev,DC=company,DC=com?cn?sub?
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(474): [client
> 64.102.41.173] [6756] auth_ldap authenticate: accepting trice
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(715): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group: testing for
> group membership in "CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com"
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(721): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group: testing for
> memberOf: CN=trice,OU=Employees,OU=Company
> Users,DC=dev,DC=company,DC=com (CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com)
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(737): [client
> 64.102.41.173] [6756] auth_ldap authorise: require group
> "CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com":
> authorisation failed [Comparison no such attribute (adding to
> cache)][No
> such attribute]
> [Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(852): [client
> 64.102.41.173] [6756] auth_ldap authorise: authorisation denied
> 
> My LDAP entry (using the URL above) looks like this:
> dn: CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: trice
> <you don't care what my address, mailbox number, etc. is so ... snip>
> memberOf: CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
> memberOf: CN=admins,OU=Standard,OU=Company Groups,DC=dev,DC=company,DC=com
> department: 8675309
> company: Company, Inc.
> 




RE: [users@httpd] group authorization via LDAP

Posted by "Tony Rice (trice)" <tr...@cisco.com>.
I'm able to do LDAP based group authorization when I specify the group
info as a filter in the LDAP URL but I'd like to configure a more
generic LDAP string in the apache config and allow users to control
access by group membership using .htaccess files.  I'm able to
authenticate based on userid/password but can't seem to get the config
quite right to authorize based on group membership.

These memberships are in the memberOf attribute on User records.  In the
LDAP tree, users are in OU=Company Users, groups are in OU=GroupStuff
and OU=Standard under OU=Company Groups.

The log files complain that an attribute can't be found for the group
value specified.  Any ideas?


My ldap config looks like this:
AuthName "Active Directory"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN "CN=mybinduser,OU=Generics,OU=Company Users,DC=dev,DC=company,DC=com"
AuthLDAPBindPassword secret
AuthLDAPRemoteUserAttribute cn

AuthLDAPUrl "ldap://dev.company.com:389/OU=Company Users,DC=dev,DC=company,DC=com?cn?sub?"
AuthzLDAPAuthoritative on
AuthLDAPGroupAttribute memberOf

.htaccess file looks like this:
require valid-user
require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com


Logs look like this:
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(875): [6756]
auth_ldap url parse: `ldap://dev.company.com:389/OU=Company
Users,DC=dev,DC=company,DC=com?cn?sub?'
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(884): [6756]
auth_ldap url parse: Host: dev.company.com:389
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(886): [6756]
auth_ldap url parse: Port: 389
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(888): [6756]
auth_ldap url parse: DN: OU= Company Users,DC=dev,DC=company,DC=com
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(890): [6756]
auth_ldap url parse: attrib: cn
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(892): [6756]
auth_ldap url parse: scope: subtree
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(897): [6756]
auth_ldap url parse: filter: (null)
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(977): LDAP:
auth_ldap not using SSL connections
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(377): [client
64.102.41.173] [6756] auth_ldap authenticate: using URL
ldap://dev.company.com:389/OU= Company
Users,DC=dev,DC=company,DC=com?cn?sub?
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(474): [client
64.102.41.173] [6756] auth_ldap authenticate: accepting trice
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(715): [client
64.102.41.173] [6756] auth_ldap authorise: require group: testing for
group membership in "CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com"
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(721): [client
64.102.41.173] [6756] auth_ldap authorise: require group: testing for
memberOf: CN=trice,OU=Employees,OU=Company
Users,DC=dev,DC=company,DC=com (CN=mygroup,OU=GroupStuff,OU=Company
Groups,DC=dev,DC=company,DC=com)
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(737): [client
64.102.41.173] [6756] auth_ldap authorise: require group
"CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com":
authorisation failed [Comparison no such attribute (adding to cache)][No
such attribute]
[Fri Oct 02 10:09:47 2009] [debug] mod_authnz_ldap.c(852): [client
64.102.41.173] [6756] auth_ldap authorise: authorisation denied

My LDAP entry (using the URL above) looks like this:
dn: CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: trice
<you don't care what my address, mailbox number, etc. is so ... snip>
memberOf: CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
memberOf: CN=admins,OU=Standard,OU=Company Groups,DC=dev,DC=company,DC=com
department: 8675309
company: Company, Inc.



Re: [users@httpd] group authorization via LDAP

Posted by Eric Covener <co...@gmail.com>.
On Fri, Oct 2, 2009 at 10:36 AM, Tony Rice (trice) <tr...@cisco.com> wrote:
> Is our only choice changing all the .htaccess files with "require group
> <group name>" to "require ldap-group cn=<group name>,ou=some long ldap
> string" in order to make the switch to group authorization via LDAP groups?

Yes.

-- 
Eric Covener
covener@gmail.com



RE: [users@httpd] group authorization via LDAP

Posted by "Tony Rice (trice)" <tr...@cisco.com>.
Is our only choice changing all the .htaccess files with "require group
<group name>" to "require ldap-group cn=<group name>,ou=some long ldap
string" in order to make the switch to group authorization via LDAP groups?

-Tony


> -----Original Message-----
> From: Tom Evans [mailto:tevans.uk@googlemail.com]
> Sent: Friday, October 02, 2009 4:36 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] group authorization via LDAP
> 
> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
> > I'm trying to convert from DBM file based authentication and
> > authorization to LDAP based authentication and authorization in
> > Apache 2.2.11.
> >
> > We've already got a large number of .htaccess files with specific
> > configs for individual directories that are using "require user" and
> > "require group".  Is it possible to configure the Apache server to
> > allow those .htaccess to continue to work as expected or must we
> > change them to "require ldap-user" and "require ldap-group"?
> >
> > I'm digging through the mod_authnz_ldap docs but the config to
> > specify the base for group authorization (in my case:
> > "ou=GroupStuff,ou=Our Groups,dc=Company,dc=Com") just isn't jumping
> > out at me.
> >
> 
> This is how we do it:
> 
> AuthType Basic
> AuthName "Company"
> AuthBasicProvider "ldap"
> AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)"
> AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company"
> AuthLDAPBindPassword "authpass"
> AuthzLDAPAuthoritative "On"
> Require valid-user
> Require ldap-group cn=Department,ou=Groups,o=Company
> 
> 
> Cheers
> 
> Tom
> 
> 
> 




Re: [users@httpd] group authorization via LDAP

Posted by Eric Covener <co...@gmail.com>.
On Fri, Oct 2, 2009 at 8:38 AM, Marc Patermann
<ha...@ofd-sth.niedersachsen.de> wrote:
> Hi,
>
> Tom Evans schrieb:
>>
>> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
>
>> This is how we do it:
>> [...]
>> AuthzLDAPAuthoritative "On"
>> Require valid-user
>> Require ldap-group cn=Department,ou=Groups,o=Company
>
> Does this work?
> When I read the docs:
> "Require valid-user
> If this directive exists, mod_authnz_ldap grants access to any user that has
> successfully authenticated during the search/bind phase."
> and:
> "Other Require values may also be used which may require loading additional
> authorization modules. Note that if you use a Require  value from another
> authorization module, you will need to ensure that AuthzLDAPAuthoritative
>  is set to off to allow the authorization phase to fall back to the module
> providing the alternate Require value."
> -> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
>

> This seems to me like either "Require valid-user" is not working at all -
> because AuthzLDAPAuthoritative is "On" - or it overrules any ldap-group
> setting. Hm!?

The doc is poor in this regard.  mod_authnz_ldap does not handle
"valid-user", it allows another module to handle it [if the request
gets that far].  This is why the AuthzLDAPAuthoritative does not
apply to the "Require valid-user", and this quoted config boils down
to the same as if you'd removed the first two quoted directives
[IIUC].


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] group authorization via LDAP

Posted by Marc Patermann <ha...@ofd-sth.niedersachsen.de>.
Hi,

Tom Evans schrieb:
> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:

> This is how we do it:
> [...]
> AuthzLDAPAuthoritative "On"
> Require valid-user
> Require ldap-group cn=Department,ou=Groups,o=Company
Does this work?
When I read the docs:
"Require valid-user
If this directive exists, mod_authnz_ldap grants access to any user that
has successfully authenticated during the search/bind phase."
and:
"Other Require values may also be used which may require loading
additional authorization modules. Note that if you use a Require value
from another authorization module, you will need to ensure that
AuthzLDAPAuthoritative is set to off to allow the authorization phase
to fall back to the module providing the alternate Require value."
-> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

This seems to me like either "Require valid-user" is not working at all 
- because AuthzLDAPAuthoritative is "On" - or it overrules any 
ldap-group setting. Hm!?


Marc



Re: [users@httpd] group authorization via LDAP

Posted by Tom Evans <te...@googlemail.com>.
On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
> I'm trying to convert from DBM file based authentication and
> authorization to LDAP based authentication and authorization in Apache
> 2.2.11.
> 
> We've already got a large number of .htaccess files with specific
> configs for individual directories that are using "require user" and
> "require group".  Is it possible to configure the Apache server to allow
> those .htaccess to continue to work as expected or must we change them to
> "require ldap-user" and "require ldap-group"?
> 
> I'm digging through the mod_authnz_ldap docs but the config to specify
> the base for group authorization (in my case: "ou=GroupStuff,ou=Our
> Groups,dc=Company,dc=Com") just isn't jumping out at me.
> 

This is how we do it:

AuthType Basic
AuthName "Company"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)"
AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company"
AuthLDAPBindPassword "authpass"
AuthzLDAPAuthoritative "On"
Require valid-user
Require ldap-group cn=Department,ou=Groups,o=Company


Cheers

Tom


