Re: [users@httpd] Apache, LDAP AUTH and directory access


Hello,

You might have to create containers for each user, e.g. (notice "require saqib" instead of "require valid-user"):

<Directory /ftp/private/gael>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    # "require user <uid>" restricts this directory to the named account
    require user gael
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>

<Directory /ftp/private/saqib>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    # "require user <uid>" restricts this directory to the named account
    require user saqib
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>
... etc

Covalent <http://www.covalent.com> provides mod_ftp <http://www.covalent.net/webinar/mod_ftp-Webinar.ppt>, which does exactly what you are trying to do. And they make administration extremely easy through the use of a GUI. Take a look at that as well.

Thanks.
Saqib Ali
http://www.xml-dev.com/blog/



"Gael Mauleon" <admin@xxxxxxxxxxxxxxxxx>
07/11/2005 05:39 AM
Please respond to: users@xxxxxxxxxxxxxxxx
To: <users@xxxxxxxxxxxxxxxx>
Subject: [users@httpd] Apache, LDAP AUTH and directory access





Subject: LDAP Auth and Users Directory
From: Gael Mauleon <spamquipy@xxxxxxxx>
Newsgroups: comp.infosystems.www.servers.unix
 
Hi,
 
I have a few problems with the way I can use LDAP authentication.
 
I want my users to view their directory with basic authentication via
LDAP, and I don't want to modify my config file with every user I add.
 
Here is what I used for the test ->
 
 
UserDir /ftp/private
<Directory /ftp/private/*>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    require valid-user
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>
 
 
This is working quite well, but unfortunately with that, everyone can
authenticate into every directory (bob can view the directory of john
with his login/pass).
 
So my question is:
 
Can I use some variable (containing the requested directory, for example) as a
filter to my LDAP search or in the Allow directive so a user can log in only
to his directory?
 
Or perhaps (apart from the .htaccess file), another solution exists?
 
 
Thanks in advance.
Gael.
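
The per-user containers suggested in the reply can be generated from a list of uids instead of being typed by hand. The following is an added example, not code from either poster: the function names, the uid pattern and the sample uid list are assumptions, and the directives are the ones shown in the thread with the `require user` form.

```python
import re

# Conservative uid pattern (an assumption): rejects "/", whitespace, ">" and
# newlines, so a uid can never escape /ftp/private or inject extra directives
# into the generated configuration.
UID_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")

# Directives copied from the thread; only the path and the require line vary.
TEMPLATE = """<Directory {base}/{uid}>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    require user {uid}
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>
"""

def valid_uid(uid):
    """True only for uids that are safe as a path component and directive argument."""
    return bool(UID_RE.fullmatch(uid)) and ".." not in uid

def render_containers(uids, base="/ftp/private"):
    """Return (config_text, rejected_uids); duplicates are collapsed, order is sorted."""
    blocks, rejected = [], []
    for uid in sorted(set(uids)):
        if valid_uid(uid):
            blocks.append(TEMPLATE.format(base=base, uid=uid))
        else:
            rejected.append(uid)  # report rather than silently emit
    return "\n".join(blocks), rejected

if __name__ == "__main__":
    # Constructed sample list; in practice it would come from the LDAP directory.
    sample = ["gael", "saqib", "../etc", "bob>\nRequire all granted"]
    conf, bad = render_containers(sample)
    print(conf)
    print("# rejected uids:", bad)
```

The output would be written to a file that the main configuration pulls in with `Include`, and the server reloaded whenever the user list changes.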
 
 
 
