You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Rainer Sokoll <r....@intershop.de> on 2010/09/14 10:48:34 UTC

[users@httpd] Zugriff fuer eine LDAP-Gruppe verbieten

Hallo,

folgendes Problem (apache 2.0.63):

Auf einen bestimmten Pfad, der zugriffsgeschützt ist (mod_ldap) sollen
alle authentifizierten User zugreifen können - bis auf eine bestimmte
LDAP-Gruppe.
Ich dachte an sowas:

<Location /pfad/>
  Auth-Geraffel
  require valid-user
  <LimitExcept ALL>
    require group cn=....
  </LimitExcept>
</Location>

Aber das LimitExcept macht mir Sorgen - ich mag dort eigentlich nicht
jede denkbare Methode verewigen.
Hat jemand hier vielleicht einen inteligenteren Vorschlag?

Rainer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Zugriff fuer eine LDAP-Gruppe verbieten

Posted by Rainer Sokoll <r....@intershop.de>.

Oh, stupid me. I apologize for the previous post in German.

My problem (apache 2.0.63):

I have a certain path, protected by mod_auth_ldap. Access is granted to
authenticated users only.
Now, I need to deny access for all members of a certain LDAP group, but
all the other users still must have access.

I thought somthing like this can solve the problem:

<Location /path/to/somewhere/>
  Auth-stuff
  require valid-user
  <LimitExcept ALL>
    require group cn=....
  </LimitExcept>
</Location>

But I wonder about the LimitExcept directive. I do not want to include
all possible methods here.
Is there a more intelligent way to solve my problem?

Again, sorry for the German noise :-)

Rainer

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org