Posted to users@httpd.apache.org by Marcel Ammerlaan <ma...@gmail.com> on 2009/08/10 13:02:21 UTC

[users@httpd] Separate authentication and authorization databases

Hi,

I'm trying to set up a somewhat unusual security architecture with Apache HTTP
and wonder if this can be achieved at all.
Basically, I have 2 LDAP servers: one with user-accounts and a second with
user/group mappings.
The first LDAP is Windows AD and I query that via SASL (using
mod_authn_sasl).
The second LDAP is ApacheDS.

I can successfully use the SASL authentication and, using a 'require
valid-user', everyone with an AD
account is granted access. However, I'd like a 'require ldap-group' setting
with a group from the second
LDAP. This would require the use of mod_auth_ldap but then I lose the
required SASL login.

Is there a way to have authentication done on 1 backend and get the
authorization from a second one
where both are required?

Regards,

Marcel Ammerlaan.