Hi.I'm trying to provide users on my site with the ability to offer pages protected by .htaccess using the httpd mod_ldap/mod_authn_ldap modules. Authentication by username, and authorization by group name.
However, I can't give the users the AuthLDAPBindPassword, and I'd rather pre-define the AuthLDAPBindDN and AuthLDAPURL as well.
From looking at the docs, it looks like I can use <AuthnProviderAlias my-ldap> AuthLDAPURL ... AuthLDAPBindDN ... AuthLDAPBindPassword ... </AuthnProviderAlias>Now when the users uses: AuthBasicProvider my-ldap, those values get inherited. This is terrific.
but then for the authorization part, if I want users to be able to authorize based on groups, and I don't want them to have to enter the URL/BindDN/Password, then for each and every group, it appears that I need to have a section in my apache config:
<AuthzProviderAlias ldap-group ....> AuthLDAPURL AuthLDAPBindDN AuthLDAPBindPassword ... Require ldap-group cn=mygroup,... </AuthzProviderAlias> Is that really true? or am I missing something? Is there no other way? Jason. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|