Folks,
I'm attempting to using multiple LimitExcept directives in one
Location. Basically I want to give a the "Actor" ldap group GET &
PUTT access, the "WeatherMan" ldap group only GET access, and the
"Actor" ldap group PUT access. I'm open to using either apache 2.2 or
2.4, as I see that apache 2.4 supports nesting of the Limit and
LimitExcept directives. This is what I've tried so far:
<Location "/boballcharlieputs">
AuthType Basic
AuthName "Secure Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:10389/ou=users,o=company?uid";
AuthLDAPBindDN uid=binder,ou=users,o=bashoproserv
AuthLDAPBindPassword password
<LimitExcept GET PUT>
Require ldap-group cn=Actor, ou=groups, o=company
</LimitExcept>
<LimitExcept GET>
Require ldap-group cn=WeatherMan, ou=groups, o=company
</LimitExcept>
<LimitExcept PUT>
Require ldap-group cn=Actor, ou=groups, o=company
</LimitExcept>
</Location>
In this case Apache only processes the last LimitExcept, so only
operation that is successful is the PUT by a user in the Actor ldap
group.
I've also attempted to nest these statements (new feature in 2.4) and
apache complains:
"<LimitExcept> directive specifies methods already excluded"
Here is that example:
<LimitExcept GET PUT>
Require ldap-group cn=Artist, ou=groups, o=bashoproserv
<LimitExcept PUT>
Require ldap-group cn=Actor, ou=groups, o=bashoproserv
</LimitExcept>
</LimitExcept>
I feel like I'm very close to getting this working, but I'm not quite
grasping how to stack the LimitExcepts properly.
Thanks for your help,
James
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|