You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2010/05/07 22:04:20 UTC
Re: [users@httpd] Authenticating Apache against multiple groups in
LDAP
On Fri, May 7, 2010 at 4:00 PM, Rodrigo Montenegro
<mo...@gmail.com> wrote:
> Hey Guys!
>
> I have the following scenario. I want to authenticate and authorize users in
> a Apache server against an LDAP server.
> The things is that there is so a need to make this authorization checking up
> if the user is in one of many groups.
> The question is: is that possible? If it is, how can I make it happen?
>
> I have sucess on doing this authorization against one single group, but not
> search in many.
>
> <Location /somepath>
>
> AuthType Basic
> AuthName "Secret path"
> AuthBasicProvider ldap
> AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org
> AuthzLDAPAuthoritative on
> AuthLDAPBindDN "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org"
> AuthLDAPBindPassword "servicepwd"
>
> AuthLDAPGroupAttribute uniqueMember
> AuthLDAPGroupAttributeIsDN on
>
> require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org
>
> </Location>
>
> In group1 there is a list in uniqueMember attribute containing all the DN
> users.
Just repeat the require for each group. Membership in any group lets them in.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Authenticating Apache against multiple groups in
LDAP
Posted by Rodrigo Montenegro <mo...@gmail.com>.
Thanks, Eric! You saved my life!
____________________________________________
Rodrigo Montenegro de Oliveira
On Fri, May 7, 2010 at 17:04, Eric Covener <co...@gmail.com> wrote:
> On Fri, May 7, 2010 at 4:00 PM, Rodrigo Montenegro
> <mo...@gmail.com> wrote:
> > Hey Guys!
> >
> > I have the following scenario. I want to authenticate and authorize users
> in
> > a Apache server against an LDAP server.
> > The things is that there is so a need to make this authorization checking
> up
> > if the user is in one of many groups.
> > The question is: is that possible? If it is, how can I make it happen?
> >
> > I have sucess on doing this authorization against one single group, but
> not
> > search in many.
> >
> > <Location /somepath>
> >
> > AuthType Basic
> > AuthName "Secret path"
> > AuthBasicProvider ldap
> > AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org
> > AuthzLDAPAuthoritative on
> > AuthLDAPBindDN
> "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org"
> > AuthLDAPBindPassword "servicepwd"
> >
> > AuthLDAPGroupAttribute uniqueMember
> > AuthLDAPGroupAttributeIsDN on
> >
> > require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org
> >
> > </Location>
> >
> > In group1 there is a list in uniqueMember attribute containing all the DN
> > users.
>
> Just repeat the require for each group. Membership in any group lets them
> in.
>
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>