Greetings!In testing mod_authz_dbd it seems that the if a user is a member of a *single* group the following Authz directives work properly:
Require dbd-group faculty AuthDBDUserPWQuery "SELECT pw FROM auth where user =%" AuthzDBDQuery "SELECT grp FROM groups WHERE user = %However, when the user is a member of *multiple* groups [faculty & staff] the Authz directives always fail returning an access denied:
Require dbd-group faculty staff dean alumni AuthDBDUserPWQuery "SELECT pw FROM auth where user =%" AuthzDBDQuery "SELECT grp FROM groups WHERE user = % [likewise this also doesn't work] Require dbd-group faculty staff dean alumni AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"AuthzDBDQuery "SELECT grp FROM groups WHERE user = % AND (grp = 'faculty' OR grp ='staff'')"
[I'm using the following in my httpd.conf] DBDDriver mysql DBDParams "host=localhost dbname=dbase user=xxx pass=xxx" DBDMin 1 DBDKeep 2 DBDMax 10 DBDExptime 60 <directory /usr/local/apache2/htdocs/grouptest> AllowOverride none AuthType basic AuthName "Mysql Groups" AuthBasicProvider dbd AuthUserFile /dev/null plus any one of the above sets of directives </directory>* It could be that authz is working as intended - one user can only belong to one group?
* Apache logs set to debug just returns "user is denied access to /grouptest"
* The mysgl.logs display the prepared sql statements * I'm using a new build of apr-1.3.3 & apr-util-1.3.4* I'm using mod_authz_dbd.c & mod_authz_dbd.h found at: http://people.apache.org/~niq
* I'm using apache 2.2.11; mysql 5.1.31; OSX 10.5.6 Thanks for your help, -bill --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|