Re: apache 2.2 and ldap group authentication

* Jeff Shearer <jeff@xxxxxxxxxxxxxxxxxx> [2009-05-27 08:43]:
> dn: cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com
> ou: groups
> description: People who are employees of Super Team
> uniqueMember: uid=jeffshearer,dc=my,dc=mydomain,dc=com
> uniqueMember: uid=maeshearer,dc=my,dc=mydomain,dc=com
> objectClass: groupOfUniqueNames
> cn: SuperTeam
[...]
> I have tried a number of configurations for group authentication, all 
> without success.  Following is the current iteration of my apache 
> configuration for the superteam.docs directory:
> 
> <Directory /files/superteam.docs>
>    AuthType basic
>    AuthName "Super Team Members Only"
>    AuthBasicProvider ldap
>    AuthzLDAPAuthoritative on
>    AuthLDAPBindDN "cn=Manager,dc=my,dc=mydomain,dc=com"
>    AuthLDAPBindPassword "secret"
>    AuthLDAPGroupAttribute uniqueMember
>    AuthLDAPGroupAttributeIsDN off
>    AuthLDAPURL "ldap://192.168.0.92:389/ou=groups,dc=my,dc=mydomain,dc=com?cn=SuperTeam?"
>    Require ldap-group cn=SuperTeam,ou=groups
>    AllowOverride None
>    Order allow,deny
>    Allow from all
>    Options +Includes
>    XbitHack on
>    </Directory>

First, AuthLDAPGroupAttributeIsDN should be on, since obviously your
(unique)member values *are* DNs.
(Btw, unless you require the additional distinguishing values
uniqueMember allows for -- and from your example you certainly don't
--  you can just as well use the 'member' attribute. Both 'member' and
'uniquemember' need their values to be unique.)

Second, your "Require ldap-group" is somehow truncated, it should be
the full DN of that group (is there some documentation that implies
you can just leave away the baseDN or something?)

cheers,
-peter

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
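
The two points in the reply above, as an added example that is not part of the original message or of Apache's code: a small Python model of the `Require ldap-group` check run against the group entry quoted in the thread. The names `ldap_group_allows`, `norm_dn`, `USER_DNS` and `CASES` are hypothetical, the user search result is assumed, and DN matching is simplified to case and whitespace folding.

```python
# Added illustration: a model of the group check, not mod_authnz_ldap source.
# Directory data constructed from the LDIF quoted in the thread.
FULL_DN = "cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com"
GROUPS = {
    FULL_DN: {
        "uniquemember": [
            "uid=jeffshearer,dc=my,dc=mydomain,dc=com",
            "uid=maeshearer,dc=my,dc=mydomain,dc=com",
        ],
    },
}
# Assumption: what the user search returns (login name -> DN of the entry).
USER_DNS = {
    "jeffshearer": "uid=jeffshearer,dc=my,dc=mydomain,dc=com",
    "maeshearer": "uid=maeshearer,dc=my,dc=mydomain,dc=com",
}


def norm_dn(dn):
    """Simplified DN matching: lower-case, strip spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def ldap_group_allows(login, require_group, group_attr, attr_is_dn):
    """Model of 'Require ldap-group <require_group>' for one login."""
    wanted = norm_dn(require_group)
    entry = next((a for dn, a in GROUPS.items() if norm_dn(dn) == wanted), None)
    if entry is None:
        return False  # a truncated DN names no entry, so the compare fails
    members = entry.get(group_attr.lower(), [])
    if attr_is_dn:  # IsDN on: the user's DN is compared
        user_dn = USER_DNS.get(login)
        return user_dn is not None and norm_dn(user_dn) in map(norm_dn, members)
    return login in members  # IsDN off: the bare login name is compared


CASES = {  # name -> (Require ldap-group value, AuthLDAPGroupAttributeIsDN)
    "as posted": ("cn=SuperTeam,ou=groups", False),
    "IsDN on only": ("cn=SuperTeam,ou=groups", True),
    "full DN only": (FULL_DN, False),
    "both fixes": (FULL_DN, True),
}


def run_cases(login="jeffshearer"):
    return {n: ldap_group_allows(login, g, "uniqueMember", d) for n, (g, d) in CASES.items()}


if __name__ == "__main__":
    print(run_cases())
```

Only the combination of the full group DN and `AuthLDAPGroupAttributeIsDN on` admits a listed member; either change alone still denies access.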

