On Mon, 6 Nov 2006, Christophe Gravier wrote: > Hello, > > Regarding new Apache 2.2 authentification and authorization layers, > especially ldap-group ( > http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup ), I > wanted to build authentification and authorization based on ldap group > membership. > > I build my directive the same way as those man pages, that means: > > <Location "/DevDSI_trac"> > SetEnv TRAC_ENV "/var/trac/DevDSI" > AuthType Basic > AuthName "DevDSI trac" > AuthBasicProvider ldap > AuthLDAPURL > ldap://ist-guizay.univ-st-etienne.fr:389/ou=person,o=istase,c=fr?uid?sub?(objectClass=*) > require ldap-group cn=satin,ou=groups,o=istase,c=fr > </Location> > > > Thank you in advance, > > Regards. > > -- > Christophe Gravier > Laboratoire DIOM, équipe SATIn - Doctorant http://portail-istase.univ-st-etienne.fr/diom/FRA/Satin.php I had trouble with LDAP Groups when using Active Directory but I think it is a symptom of my AD service. I did hqave success with ldap-filter which I could use to query an attribute of the uid returned from LDAP (sAMAccountNAme). require ldap-filter &(memberOf=G4570) This works for me as the group affiliations are "mostly" described as attributes in (our) AD. ---------------------------------------- "Mon aéroglisseur est plein d'anguilles" John P. Dodge Boeing Shared Services --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|