I use the following .htaccess file: # Authentication realm and method: AuthType Basic AuthBasicProvider ldap AuthName "Intranet" # DN of Active Directory server AuthLDAPUrl ldap://asdf:1234/DC=eu?sAMAccountName?sub?(objectClass=*) # An account in the AD that has enough permissions to perform an LDAP search AuthLDAPBindDN "CN=Testuser,DC=eu" AuthLDAPBindPassword asdf # When checking for group membership, use the DN of the user, not the HTTP entry AuthLDAPGroupAttributeIsDN on # Require groups, specifying the DN of the security group require ldap-group CN=Access,DC=eu # So far so good, all users inside group "Access" can now log in. Users that are members of groups added to "Access" can not log in # Want to add support for nested groups by the following directive from http://httpd.apache.org/docs/trunk/mod/mod_authnz_ldap.html#reqgroup AuthLDAPMaxSubGroupDepth 20 This gives med Internal Server Error, with the following error_log entry: Invalid command 'AuthLDAPMaxSubGroupDepth', perhaps misspelled or defined by a module not included in the server configuration Running Apache 2.2 LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so What am I doing wrong? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|