[users@httpd] Active Directory, LDAP, and require ldap-group

Can anyone help me with the following?  I searched the list archives
and didn't find anything that solved my problem.  I've tried to
organize everything concisely.  Please let me know if you have any
questions or advice.  Thanks!

GOAL

To only allow authenticated Active Directory users who are a member of
a specified Active Directory group to access a Location.

CURRENT RESULT

Authenticated Active Directory users can access the Location
regardless of whether they are a member of the specified group.

CONFIG

 <Location /svn/test>
 DAV svn
 SVNPath /svn/repos/test
 AuthType  Basic
 AuthName  "Subversion Repository"
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPBindDN cn=myuser,cn=Users,dc=part1,dc=part2,dc=mydomain,dc=com
 AuthLDAPBindPassword mypassword
 AuthLDAPURL "ldap://part1.part2.mydomain.com:portnum/DC=part1,DC=part2,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)"
 require ldap-group CN=Administrators,CN=Builtin
 #  I also tried the following line which I got from a dsquery command.
 #require ldap-group CN=Administrators,CN=Builtin,DC=part1,DC=part2,DC=mydomain,DC=com
 #require valid-user
</Location>

ENVIRONMENT

Apache 2.2
AIX 5.3
Built using the following ksh script.

#!/bin/ksh

## Define variables
base_dir=/svn
src_dir=$base_dir/downloads
build_dir=$base_dir/build

## Create initial directories
mkdir -p $build_dir

## Extract following binary packages
## autoconf.2.59.tar.Z   libtool.1.5.22.tar.Z  make.3.80.tar.Z
## gcc.4.1.0.tar.Z       m4.1.4.4.tar.Z        zlib.1.2.3.tar.Z
cd $base_dir
for f in $src_dir/*.Z
do
 echo "*** Extracting $f ***"
 zcat $f | tar xvf -
done

## Build openssl
cd $build_dir
gunzip $src_dir/openssl-0.9.8b.tar.gz
tar xvf $src_dir/openssl-0.9.8b.tar
cd $build_dir/openssl-0.9.8b
./config --prefix=/svn
make
make install

## Build openldap
cd $build_dir
gunzip $src_dir/openldap-2.3.24.tar.gz
tar xvf $src_dir/openldap-2.3.24.tar
cd $build_dir/openldap-2.3.24
env CPPFLAGS="-I/svn/usr/local/include -I/svn/include" \
    LDFLAGS="-L/svn/usr/local/lib -L/svn/lib" \
    ./configure --prefix=/svn --enable-bdb=no --enable-slapd=no
make
make install

## Build apache
cd $build_dir
gunzip $src_dir/httpd-2.2.2.tar.gz
tar xvf $src_dir/httpd-2.2.2.tar
cd $build_dir/httpd-2.2.2
./configure --prefix=/svn/apache2.2 --enable-so --without-berkeley-db \
    --enable-ssl --with-ssl=/svn --enable-dav=shared \
    --enable-dav-fs=shared --enable-dav-lock=shared --enable-ldap \
    --with-ldap --with-ldap-include=/svn/include \
    --with-ldap-lib=/svn/lib --enable-authnz-ldap --enable-rewrite
make
make install

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
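
A static check one could run over a block like the one posted above, as an added example that is not part of the original message or of Apache itself: it lists the active Require lines and flags any that admit every authenticated user, and any ldap-group DN that does not end in the AuthLDAPURL search base. The function names and finding labels are hypothetical, and treating a group outside the search base as suspect is an assumption.

```python
import re

# The posted <Location> block, trimmed to the directives the check reads.
SAMPLE = """\
<Location /svn/test>
 AuthBasicProvider ldap
 AuthLDAPURL "ldap://part1.part2.mydomain.com:portnum/DC=part1,DC=part2,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)"
 require ldap-group CN=Administrators,CN=Builtin
 #require valid-user
</Location>
"""

def norm_dn(dn):
    # Simplification: splits on every comma, so escaped commas inside an RDN are not handled.
    return ",".join(p.strip().lower() for p in dn.strip().strip('"').split(","))

def audit(conf):
    """Return (finding, value) tuples for the active Require lines in conf."""
    base, requires = None, []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # comments and section tags carry no directive
        parts = line.split(None, 1)
        name, args = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if name == "authldapurl":
            m = re.match(r'"?ldaps?://[^/]*/([^?"]*)', args, re.I)
            base = norm_dn(m.group(1)) if m else None
        elif name == "require":
            requires.append(args)
    findings = []
    for args in requires:
        kind, _, value = args.partition(" ")
        if kind.lower() == "valid-user":
            findings.append(("any-authenticated-user", args))
        elif kind.lower() == "ldap-group":
            dn = norm_dn(value)
            # Assumption: the group entry sits under the AuthLDAPURL search base.
            if base and dn != base and not dn.endswith("," + base):
                findings.append(("group-dn-outside-base", value.strip()))
    if not requires:
        findings.append(("no-require", ""))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The check reads configuration text only; what the server enforces still has to be confirmed by requesting the Location with an account that is outside the group.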


