Posted to users@httpd.apache.org by Douglas L Stewart <do...@pobox.com> on 2003/05/23 20:25:14 UTC
[users@httpd] problems with LDAP and restricting access to files and directories
I am using Apache HTTPD 2.0.45 on Solaris 8. My setup is a mixture of
Apache HTTPD and Tomcat. I have an application consisting of Java
servlets and static files. I use Apache HTTPD to serve the static files
(.txt.gz and .pdf) because Tomcat doesn't seem to support serving
optimized PDF files.
I have the mod_auth_ldap module compiled and am using it as follows:
<Location "/reports">
<IfModule mod_auth_ldap.c>
AuthType Basic
AuthName "Reports Online"
AuthLDAPEnabled on
AuthLDAPURL ldap://127.0.0.1:4567/dc=mycompany,dc=com?uid?sub?(objectClass=*)
AuthLDAPAuthoritative on
require valid-user
</IfModule>
</Location>
This part works great.
Now what I want to do is restrict certain directories of static content to
just certain LDAP users. If a user is unauthorized I want them to get a
403 error which I will use ErrorDocument to say they don't have
permissions to view the document. I don't want them to get a 401, which will
just get the browser to reprompt for their password and confuse the user.
I tried putting a .htaccess file in a directory to try this by restricting
it to a user named hboral:
AuthName "Reports Online"
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://127.0.0.1:5678/dc=mycompany,dc=com?uid?sub?(objectClass=*)
AuthLDAPAuthoritative on
require user hboral
When I did this it didn't prevent access to my PDFs, unfortunately, and
seems to cause problems accessing text files (I access them as .txt and
expect Apache to find the .txt.gz):
[Fri May 23 12:17:57 2003] [error] [client 192.168.91.12] Negotiation:
discovered file(s) matching request:
/opt/db2imsp1/reports/MMIRS/MMIRS01/2003/mmirs01.20030310.262598.txt (None
could be negotiated)., referer:
http://192.168.90.232/reports/Browse?report=2220&year=2003
Any idea how to configure this properly?
--
Douglas L Stewart
douglas@pobox.com
http://www.douglasstewart.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.