I'd said: > > I'm presuming that there's some way, using a mod_rewrite rule, to > extract the desired information from the URI and stash it, say, in > an environment variable. The task then is to somehow use that > extracted value to impose the appropriate restrictions in the > require directive. Thus, website authors create a directory path > ..../restricted/THIS.LDAP.__GROUP/content.that.is > <http://content.that.is>.__restricted.html and the required group > would automatically be cn=THIS.LDAP.GROUP for that directory and below. Igor Cicimov wrote:
Have a look at SetEnvIf and mod_rewrite where you can set enviroment variable based on something in the headers, uri and/or request string. Not sure if yo can use that var inside mod_authz_ldap though.
And there's the rub -- as I'd already guessed, you're confirming
there is a way to extract the desired value for a group name or filter
specification from the presented URI.
The issue remains whether I can USE that value in the REQUIRE directive
effective while satisfying the request implied by that presented URI
without somehow enhancing the functionality of the REQUIRE directive
and the extention that mod_authnz_ldap (or maybe it's util_ldap or
some other module?) provides when is adds ldap-group and ldap-filter
as potential objects to the directive.
--
J.Lance Wilkinson ("Lance") InterNet: Lance.Wilkinson@xxxxxxx
Systems Design Specialist - Lead Phone: (814) 865-4870
Digital Library Technologies FAX: (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|