You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Doug White <bu...@yahoo.com> on 2009/09/04 17:45:42 UTC

[users@httpd] Help in authenitcating across multiple LDAPs

The problem I'm having is authenticating using groups to authorize access.  

I'm using LoadModule authn_alias_module modules/mod_authn_alias.so as to identify multiple authentication providers.  The below works fine when Require valid-user is used instead of ldap-group.  You might note I'm using svn but I'm simply hitting the Apache Server with a browser.  I haven't found an example where authorization is group.  Found pelenty of examples where Require valid-user which, of course, is of no value to me.

Please someone repond to this despirate post.

<AuthnProviderAlias ldap ldap-01>
    AuthLDAPBindDN "CN=ldapuser,OU=StandardUsers,OU=My Company,OU=Users,OU=EIT Central,DC=ad,DC=mycompany,DC=com"
    AuthLDAPBindPassword mypassword
    AuthLDAPURL ldap://ldap.ad.mycompany.com:389/DC=ad,DC=mycompany,DC=com?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-02>
    AuthLDAPBindDN "CN=ldapuser,OU=StandardUsers,OU=My Company,OU=Users,OU=EIT Central,DC=ad,DC=mycompany,DC=com"
    AuthLDAPBindPassword mypassword
    AuthLDAPURL ldap://ldap.other.mycompany.com:389/DC=other,DC=mycompany,DC=com?sAMAccountName?sub
</AuthnProviderAlias>

# Location for the Subversion repository
<Location /repository>
    DAV svn
    SVNPath c:/svn_repository
    #
    Order deny,allow
    Allow from all

    AuthBasicProvider ldap-01 ldap-02
    AuthType Basic
    AuthName 'Subversion Repository'
    AuthzLDAPAuthoritative off
    Require ldap-group CN=G-MyGroup,OU=Groups,OU=LAN Services,DC=ad,DC=mycompany,DC=com
    SVNAutoversioning on
    ModMimeUsePathInfo on
</Location>