Posted to users@httpd.apache.org by Douglas L Stewart <do...@pobox.com> on 2003/05/23 20:25:14 UTC

[users@httpd] problems with LDAP and restricting access to files and directories

I am using Apache HTTPD 2.0.45 on Solaris 8.  My setup is a mixture of
Apache HTTPD and Tomcat.  I have an application consisting of Java
servlets and static files.  I use Apache HTTPD to serve the static files
(.txt.gz and .pdf) because Tomcat doesn't seem to support serving
optimized PDF files.

I have the mod_auth_ldap module compiled and am using it as follows:

<Location "/reports">

        <IfModule mod_auth_ldap.c>

            AuthType Basic
            AuthName "Reports Online"

            AuthLDAPEnabled on
            AuthLDAPURL ldap://127.0.0.1:4567/dc=mycompany,dc=com?uid?sub?(objectClass=*)
            AuthLDAPAuthoritative on

            require valid-user

        </IfModule>

</Location>

This part works great.

Now what I want to do is restrict certain directories of static content to
just certain LDAP users.  If a user is unauthorized I want them to get a
403 error which I will use ErrorDocument to say they don't have
permissions to view the document.  I don't want them to get a 401, which will
just get the browser to reprompt for their password and confuse the user.

I tried putting a .htaccess file in a directory to try this by restricting
it to a user named hboral:

AuthName "Reports Online"
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://127.0.0.1:5678/dc=mycompany,dc=com?uid?sub?(objectClass=*)
AuthLDAPAuthoritative on
require user hboral

When I did this it didn't prevent access to my PDFs unfortunately, and
seems to cause problems accessing text files:  (I access them as .txt and
expect Apache to find the .txt.gz)

[Fri May 23 12:17:57 2003] [error] [client 192.168.91.12] Negotiation:
discovered file(s) matching request:
/opt/db2imsp1/reports/MMIRS/MMIRS01/2003/mmirs01.20030310.262598.txt (None
could be negotiated)., referer:
http://192.168.90.232/reports/Browse?report=2220&year=2003

Any idea how to configure this properly?

-- 
Douglas L Stewart
douglas@pobox.com
http://www.douglasstewart.com

