On Fri, Feb 24, 2012 at 8:59 AM, J.Lance Wilkinson <jlw12@xxxxxxx> wrote: > Eric Covener wrote: >> >> IIRC, there was a patch contributed that allowed the filter to be set >> dynamically [but not the require]. Might turn something up in >> bugzilla. > > > Shoot. Don't really like to be selectively patching things > like that. But will look into it. Setting the filter dynamically > would probably do the trick. Thanks. > LDAP attributes can be loaded into AUTHENTICATE_* vars and can be queried, but you might not be able to express the rules you need using attributes only. Some directory servers allow group membership to be read as a "magic" attribute in LDAP. Notably, tivoli directory server allows an ibm-allGroups element to be used (result only, not filtered on) which you could them find a way to check more dynamically (setenvif, allow from env=...). --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|