Posted to users@httpd.apache.org by Alun Coppack <a....@inpharmatica.co.uk> on 2005/11/24 15:03:11 UTC
[users@httpd] LDAP Authentication and Subgroups/Nested groups
I am running Apache 2.0.50 with mod_auth_ldap.

When I use the 'require group' directive, members of nested groups do not
seem to be recognised.

I am trying to authenticate using:
'require group cn=Authenticated_users,ou=Roles,dc=sample,dc=com'

This group (Authenticated_Users) has a group called
'cn=Everyone,ou=Groups,dc=sample,dc=com' as a uniqueMember. The user jbloggs
is a member of cn=Everyone.

Apache does not seem to follow the nesting of groups, since if I add jbloggs
directly as a uniqueMember of Authenticated_users everything works fine, but
when jbloggs is only a member of Everyone, authentication fails.

I am just wondering what the standard, accepted way of setting up LDAP and
Apache is. Am I structuring my directory incorrectly? Any help resolving
this would be appreciated.

Thanks,
Alun

The sample LDIF is included below:

# OU DEFINITIONS

# People OU - for holding records of all individuals
dn: ou=People,dc=sample,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups OU - for holding records of groupings of individuals
dn: ou=Groups,dc=sample,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the groups to which those roles have been assigned
dn: ou=Roles,dc=sample,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# PEOPLE ENTRIES

dn: uid=jbloggs,ou=People,dc=sample,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: Bloggs
cn: Joe
uid: jbloggs
userpassword: no3XJAZeeb9AKbGNY65/masWpZE=
mail: jbloggs@sample.com

# GROUPS ENTRIES

dn: cn=Everyone,ou=Groups,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=jbloggs,ou=People,dc=sample,dc=com

# ROLES ENTRIES

dn: cn=Authenticated_users,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=sample,dc=com
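
The behaviour described in the post, as an added example that is not part of the original message and is not Apache's code: a flat membership check over the posted group entries rejects jbloggs, while a check that follows members which are themselves groups accepts him. The function names and the max_depth parameter are hypothetical, and the LDIF string is a constructed excerpt of the sample above.

```python
# Constructed sample: the group and role entries from the LDIF in the post.
LDIF = """\
dn: cn=Everyone,ou=Groups,dc=sample,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=jbloggs,ou=People,dc=sample,dc=com

dn: cn=Authenticated_users,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Everyone,ou=Groups,dc=sample,dc=com
"""

def norm(dn):
    """Case-fold and strip spaces around commas; enough for these sample DNs."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_groups(ldif):
    """Map each entry DN to the set of its uniqueMember DNs."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        dn, members = None, set()
        for line in entry.splitlines():
            attr, _, value = line.partition(":")
            attr = attr.strip().lower()
            if attr == "dn":
                dn = norm(value)
            elif attr == "uniquemember":
                members.add(norm(value))
        if dn:
            groups[dn] = members
    return groups

def is_direct_member(groups, user, group):
    """Flat check: the user DN must be listed on the group entry itself."""
    return norm(user) in groups.get(norm(group), set())

def is_nested_member(groups, user, group, max_depth=10):
    """Follow members that are themselves groups, with cycle and depth limits."""
    user, seen, frontier = norm(user), set(), [(norm(group), 0)]
    while frontier:
        dn, depth = frontier.pop()
        if dn in seen or depth > max_depth:
            continue  # already visited (cycle) or nested too deep
        seen.add(dn)
        members = groups.get(dn, set())
        if user in members:
            return True
        frontier.extend((m, depth + 1) for m in members if m in groups)
    return False
```

The seen set and depth limit matter in a real directory, where two groups can list each other as members.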