You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Al Sarraf <as...@brownshoe.com> on 2010/02/05 19:32:15 UTC
[users@httpd] Authorize users from two ldaps
I am running Apache 2.2. I have the following configuration for apache currently and it works fine. I have ldap1 and ldap2 for authentication.
<AuthnProviderAlias ldap ldap1>
AuthLDAPURL ldap://aphelion-server:389/ou=people,cn=AdministrativeLdap,cn=App,o=org
AuthLDAPBindDN "cn=Manager"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
AuthLDAPURL ldap://ADserver:3268/ DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser,OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative off
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
require valid-user
</LocationMatch>
The new requirement is to keep ldap1 as it is but authenticate users from a security group for ldap2. The security group is CN=App_Users,OU=All Groups,DC=mycompany,DC=net.
I have tried the following config.
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative on
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
AuthLDAPURL ldap://ADServer:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser, OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
require ldap-group CN=App_Users,OU=All Groups,DC=mycompany,DC=net
AuthLDAPGroupAttributeIsDN on
require ldap-dn uid=user1, ou=people,cn=AdministrativeLdap,cn=App,o=org
#require valid-user
</LocationMatch>
This config works for ldap2 and it checks if user belongs to the security group. But I don't want to check the security group access for ldap1. I put the require ldap-dn directive but it only authorizes user user1 and I am not sure how to authorize all users from ldap1.
Thanks,
AL
Re: [users@httpd] Authorize users from two ldaps
Posted by Eric Covener <co...@gmail.com>.
On Fri, Feb 5, 2010 at 1:32 PM, Al Sarraf <as...@brownshoe.com> wrote:
> I am running Apache 2.2. I have the following configuration for apache
> currently and it works fine. I have ldap1 and ldap2 for authentication.
> <AuthnProviderAlias ldap ldap1>
You can't use two different AuthLDAPURL's in the same context, even
when you hide them behind the alias.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org