apache ldap authentication: groups with spaces and negation in ldap-filter

Hi,

I'm running Apache HTTP on a Linux server and authenticating via LDAP
with an Active Directory server.

I've encountered two difficulties.

1) I can't seem to allow access for members of a group whose name
contains spaces.

My config lines are:

            AuthLDAPBindDN "CN=ldapbind,CN=Users,DC=mydomain,DC=org"
            AuthLDAPBindPassword "mysecret"
            AuthLDAPURL "ldaps://myADserver/cn=Users,dc=mydomain,dc=org?sAMAccountName?sub?(objectClass=*)"
            AuthType Basic
            AuthName "requires authentication"
            AuthBasicProvider ldap
            AuthUserFile /dev/null
            Options None
            require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=my group,CN=Users,DC=mydomain,DC=org

Authentication works as expected if I create a new group "mygroup" in
AD which contains the member "my group", and I replace the last config
line with:

            require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=mygroup,CN=Users,DC=mydomain,DC=org

I tried adding " or ' after ldap-filter, but they don't seem to make
any difference.
How are spaces dealt with?

2) I am unable to "allow all members of mygroup but exclude one
particular user myuser".

I tried the following config line, but it seems to block access to everyone:

            require ldap-filter (&(memberof:1.2.840.113556.1.4.1941:=CN=mygroup,CN=Users,DC=mydomain,DC=org)(!(CN=myuser)))

I'm not too familiar with the LDAP filter format, but where's my mistake?
Does Active Directory support ! "not" in the expression?

Vieri
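
Added example, not part of the original post: a small parser for the RFC 4515 LDAP filter string syntax, run over the two filters quoted above. It checks syntax only and says nothing about how mod_authnz_ldap or Active Directory process the `require` line; the function names and the convenience of wrapping a bare filter in parentheses are assumptions of this sketch.

```python
import re

# attribute, then an operator: extensible match (":dn", ":rule", ":=") or a simple one
ITEM = re.compile(r"([A-Za-z0-9;.-]+)((?::dn)?(?::[A-Za-z0-9.-]+)?:=|~=|>=|<=|=)")
# assertion value: any character except NUL ( ) \ unless written as a \XX hex escape
VALUE = re.compile(r"(?:[^\x00()\\]|\\[0-9A-Fa-f]{2})*")

def escape_value(text):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def _parse(s, i):
    """Parse one parenthesised filter at s[i]; return (tree, next offset)."""
    if s[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    op = s[i:i + 1]
    if op in ("&", "|"):
        i, kids = i + 1, []
        while s[i:i + 1] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids:
            raise ValueError("empty %s list at offset %d" % (op, i))
        node = (op, kids)
    elif op == "!":
        kid, i = _parse(s, i + 1)
        node = ("!", [kid])
    else:
        m = ITEM.match(s, i)
        if not m:
            raise ValueError("bad item at offset %d" % i)
        v = VALUE.match(s, m.end())
        node, i = (m.group(1), m.group(2), v.group(0)), v.end()
    if s[i:i + 1] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def parse_filter(s):
    """Parse a whole filter; a bare item or list is wrapped in parentheses first."""
    s = s if s.startswith("(") else "(" + s + ")"
    tree, end = _parse(s, 0)
    if end != len(s):
        raise ValueError("trailing text at offset %d" % end)
    return tree

GROUP = "CN=my group,CN=Users,DC=mydomain,DC=org"   # DN from the post
RULE = "memberof:1.2.840.113556.1.4.1941:="         # attribute and matching rule from the post
```

Both quoted filters parse: a space is not among the characters `escape_value` has to escape, and `(!(CN=myuser))` is a well-formed "not" term in this grammar.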
