Putting multiple require group directives behaves as an "AND" and not the "OR" I was hoping for. So that is not gonna work. Any ideas from the list. I can use require valid-user but that does not allow for the strict access control I am seeking. Thanks On Thu, 2009-01-15 at 08:00 -0700, James Chavez wrote: > Eric, thanks for responding. > No I did not try it yet, I was trying to get a feel from the list to see > if anyone has a similar configuration or setup. The auth_ldap > documentation does not say you can or cannot have multiple require group > entries while it explicitly mentions having multiple require user > entries is possible. This led me to question if it were possible. > > The structure of our LDAP has changed and users are now separated into > groups by location. It worked before with a single require group > directive when all were under one group. Now I need to add a couple of > more group directives and if that doesn't work I will need to rethink > things. > > Thank you > James > > > > > On Thu, 2009-01-15 at 09:43 -0500, Eric Covener wrote: > > On Thu, Jan 15, 2009 at 2:05 AM, James Chavez > > <james.chavez@xxxxxxxxxxxxxxx> wrote: > > > Hello, > > > I have 2 different groups that I need to allow access to in my > > > httpd.conf using auth_ldap. One group is for US and the other is for a > > > UK domain. > > > > > > Is it possible for me to have 2 require group directives listed one > > > after the other? And will it search through each directive to check > > > access? Or can I only use 1 directive. My example is below. > > > > > > require group CN=groupone,OU=UserGroups,OU=US,DC=example,DC=com > > > require group CN=groupone,OU=UserGroups,OU=UK,DC=example,DC=com > > > > That should work, did you try it? > > > > CONFIDENTIALITY > This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. > ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|