You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Gabriel Harmon <ga...@deltadentalva.com> on 2011/06/22 17:02:38 UTC
[users@httpd] Syntax question
In the httpd.conf file, I have the following line which allows people in a specific distribution list that is maintained by our Active Directory access to the dirs in SVN:
AuthLDAPURL ldap://OurServer:OurPort/DC=xxxx,DC=com?sAMAccountName?sub?(objectClass=user)(memberOf=CN=OurADName,CN=users,DC=xxxxx,DC=com)
I have two more AD groups that I'd like to allow access to SVN. Is the following valid? If not, is this possible (allowing multiple Groups access to separate areas)? If so, and I'm not close with my syntax, where can I go for additional reading?
AuthLDAPURL ldap://OurServer:OurPort/DC=xxxx,DC=com?sAMAccountName?sub?(objectClass=user)(memberOf=CN=OurADName,CN=users,DC=xxxxx,DC=com) (memberOf=CN=ADGroupOne,CN=users,DC=xxxxx,DC=com)(memberOf=CN=ADGroupTwo,CN=users,DC=xxxxx,DC=com)
Thanks,
Gabriel Harmon
Configuration Manager
Delta Dental of VA
(540) 989-8000 x3112
The information contained in this email and subsequent attachments
may be privileged, confidential and protected from disclosure. This
transmission is intended for the sole use of the individual and entity to
whom it is addressed. If you are not the intended recipient, any
dissemination, distribution or copying is strictly prohibited. If you have
received this message in error, please email the sender at the above
email address.
Re: [users@httpd] Syntax question
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
>
>
>
> In the httpd.conf file, I have the following line which allows people
> in a specific distribution list that is maintained by our Active
> Directory access to the dirs in SVN:
>
>
>
> AuthLDAPURL
> ldap://OurServer:OurPort/DC=xxxx,DC=com?sAMAccountName?sub?(objectClass=user)(memberOf=CN=OurADName,CN=users,DC=xxxxx,DC=com)
>
>
>
>
>
> I have two more AD groups that I’d like to allow access to SVN. Is
> the following valid? If not, is this possible (allowing multiple
> Groups access to separate areas)? If so, and I’m not close with my
> syntax, where can I go for additional reading?
>
>
>
> AuthLDAPURL
> ldap://OurServer:OurPort/DC=xxxx,DC=com?sAMAccountName?sub?(objectClass=user)(memberOf=CN=OurADName,CN=users,DC=xxxxx,DC=com)
> (memberOf=CN=ADGroupOne,CN=users,DC=xxxxx,DC=com)(memberOf=CN=ADGroupTwo,CN=users,DC=xxxxx,DC=com)
I think you should keep the AuthLDAPURL simple, and instead use
Require ldap-filter
http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#reqfilter
where appropriate.
> Thanks,
>
> Gabriel Harmon
> Configuration Manager
> Delta Dental of VA
> (540) 989-8000 x3112
>
>
> The information contained in this email and subsequent attachments
> may be privileged, confidential and protected from disclosure. This
> transmission is intended for the sole use of the individual and
> entity to
> whom it is addressed. If you are not the intended recipient, any
> dissemination, distribution or copying is strictly prohibited. If you
> have
> received this message in error, please email the sender at the above
> email address.
You're sending this to a publicly archived mailing list, all bets are off.
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org