Posted to users@httpd.apache.org by Maarten te Paske <ma...@phil.uu.nl> on 2009/09/22 16:52:47 UTC
[users@httpd] Authentication for LDAP user or htgroup member
Hi,
I'm building a website that should authenticate to an LDAP server which
is not maintained by myself. Authentication requires an 'ldap-attribute'
to limit the number of users that can log in. In addition to that, I'd
like to create groups that consist of LDAP users defined in a
htgroup-file.
My configuration looks like this:
<Directory /path/to/docroot/>
    AuthName "LDAP authentication"
    AuthType Basic
    AuthBasicProvider ldap file
    AuthLDAPURL ldaps://xxxx.xx.xx/o=uu?uuShortId
    Require ldap-attribute foo="bar"
    AuthzLDAPAuthoritative off
    AuthGroupFile /tmp/htgroup
    AuthzGroupFileAuthoritative on
    Require valid-user
    Require group wOOt
    Satisfy Any
</Directory>
(I obfuscated the path to the docroot, the ldap server address, the
ldap-attribute and the group defined in /tmp/htgroup).
My personal LDAP account does not contain the "foo=bar" attribute, but
it is part of group "wOOt" (defined in /tmp/htgroup).
Both authentication models work as I use them as the only method, but
when I add two methods and "Satisfy Any" I'm not asked for authentication.
I think my problem may be similar to this posting:
http://mail-archives.apache.org/mod_mbox/httpd-users/200901.mbox/%3c497883CF0200001B0005C01F@wisegate.weizmann.ac.il%3e
Unfortunately that posting doesn't have a definitive solution.
Any ideas are welcome!
--
Met vriendelijke groet,
Maarten te Paske
Systeemgroep Wijsbegeerte
Re: [users@httpd] Authentication for LDAP user or htgroup member
Posted by Maarten te Paske <ma...@phil.uu.nl>.
On Tue, Sep 22, 2009 at 04:52:47PM +0200, Maarten te Paske wrote:
> Both authentication models work as I use them as the only method, but
> when I add two methods and "Satisfy Any" I'm not asked for authentication.
I have been struggling with this issue some more, and finally came up
with a working configuration:
<Directory /path/to/docroot/>
    AuthName "LDAP authentication"
    AuthType Basic
    AuthBasicProvider ldap file
    AuthGroupFile /tmp/htgroup
    AuthzGroupFileAuthoritative on
    AuthLDAPURL ldaps://xxxx.xx.xx/o=uu?uuShortId
    Require ldap-attribute foo="bar"
    AuthzLDAPAuthoritative off
    Order Deny,Allow
    Deny From all
    Require group wOOt
    Require valid-user
    Satisfy Any
</Directory>
My apologies for causing any inconvenience by posting to this list and
fixing the problem myself after all.
--
Met vriendelijke groet,
Maarten te Paske
Systeemgroep Wijsbegeerte
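
Added example, not part of the original thread and not Apache's own code: under Apache 2.2 semantics (assumed from the directives used here), "Satisfy Any" grants access when either the host check or the user check passes, and with no Order/Allow/Deny lines the host check passes for everyone, so no login prompt appears. The Python sketch below audits <Directory> blocks for that condition; the function names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed samples mirroring the two configurations in the thread (trimmed).
BEFORE = """<Directory /path/to/docroot/>
AuthType Basic
Require ldap-attribute foo="bar"
Require group wOOt
Satisfy Any
</Directory>"""
AFTER = """<Directory /path/to/docroot/>
AuthType Basic
Require ldap-attribute foo="bar"
Order Deny,Allow
Deny From all
Require group wOOt
Satisfy Any
</Directory>"""

def host_check_passes(directives):
    """Apache 2.2 Order/Allow/Deny outcome for a client that matches only 'all'."""
    order = "deny,allow"                      # 2.2 default when Order is absent
    allow_all = deny_all = False
    for name, args in directives:
        if name == "order":
            order = args.replace(" ", "").lower()
        elif name in ("allow", "deny") and re.fullmatch(r"from\s+all", args, re.I):
            allow_all |= name == "allow"
            deny_all |= name == "deny"
    if order == "deny,allow":                 # default allow; Allow overrides Deny
        return allow_all or not deny_all
    return allow_all and not deny_all         # allow,deny: default deny; Deny wins

def audit(conf):
    """Return paths of <Directory> blocks where Satisfy Any admits anyone unauthenticated."""
    findings = []
    for path, body in re.findall(r"<Directory\s+([^>]+)>(.*?)</Directory>", conf, re.S | re.I):
        directives = [(m.group(1).lower(), m.group(2).strip())
                      for m in re.finditer(r"^\s*(\w+)[ \t]*(.*)$", body, re.M)]
        satisfy_any = any(n == "satisfy" and a.lower() == "any" for n, a in directives)
        has_require = any(n == "require" for n, _ in directives)
        if has_require and satisfy_any and host_check_passes(directives):
            findings.append(path.strip())
    return findings
```

Calling audit(BEFORE) reports the docroot as open, while audit(AFTER) reports nothing, because "Deny From all" makes the host check fail and leaves the Require lines as the only way in.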