You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bruno Galindro da Costa <br...@gmail.com> on 2010/01/13 15:18:07 UTC

[users@httpd] TAG and ldap_auth

Hi,

    I need to authenticate the users of my network to distinguish
directories of SVN with ldap_auth. The method that I used is through the
<Location> tag. The following method that I use is the correct method to
prevent users that isnĀ“t inside the AD group GR_INT_SVN to access the /svn
location?

################ *Versions *################
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edition
mod_authnz_ldap.so: 2.2.9

**################ *httpd.conf ####################

*ServerRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<IfModule !mpm_netware_module>
   <IfModule !mpm_winnt_module>
      User daemon
      Group daemon
   </IfModule>
</IfModule>

ServerAdmin admin@domain.com

DocumentRoot "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/htdocs"

<Directory "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access.log" common
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

*<Location "/svn">
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    AuthName Subversion

    SVNPath E:\SVN\repository0
    DAV svn

    SVNListParentPath on
    SVNPathAuthz on

    AuthLDAPUrl "ldap://
domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN,OU=Internal,OU=Acessos,dc=domain,dc=com))
"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass

    require valid-user

</Location>

# Project 01
<Location "/svn/P01">
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off

        AuthName Subversion_P01

        AuthLDAPUrl "ldap://
domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN_P01,OU=Internal,OU=Acessos,dc=domain,dc=com))
"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass
</location>*

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

################*####################**####################*


-- 
Att.
Bruno Galindro da Costa
bruno.galindro@gmail.com