RE: Complex authentication problem with LDAP and Apache 2.2.3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Joshua, thank you so much for your help. I implemented your suggestion
yesterday, and tested last night from home, and everything seemed to be
working. The solution seems counterintuitive to me; I don't think that I
would have thought of it on my own. Thanks, again.

-Kevin

-----Original Message-----
From: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] On Behalf Of Joshua
Slive
Sent: Thursday, March 27, 2008 2:23 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Complex authentication problem with LDAP and
Apache 2.2.3

On Thu, Mar 27, 2008 at 2:14 PM, Zembower, Kevin <kzembowe@xxxxxxxxxx>
wrote:

>  However, in a separate section, I want to further restrict access to
>  just records in LDAP and exclude users who are originating from
inside
>  our LAN but don't have records in the LDAP.

>  This too seems to be working correctly from inside our LAN. I can
access
>  everything on the intranet site without authenticating, but if I want
>  anything in /staffonly/, I have to authenticate. When I do so, I can
>  access a document, such as /staffonly/test.html.
>
>  However, when I try to go directly to
>  http://centernet.jhuccp.org/staffonly/test.html from a host outside
of
>  our LAN, I get a 403 Forbidden error and this entry in the logs:
>  [Wed Mar 26 13:19:46 2008] [error] [client 98.218.13.184] client
denied
>  by server configuration:
/var/www/centernet/htdocs/staffonly/test.html
>
>  When I try to access the pages outside of the /staffonly/ directory
from
>  a host outside of our LAN, everything seems to work correctly after I
>  enter my credentials.

Because the Deny entries from the parent directory are inherited in
/staffonly/, when you change Satisfy to all, you completely deny
access to anyone on the Deny list. To fix that, just add
Allow from all
to the /staffonly/ directory section.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux