Hi folks,
of both lists.
I'm reverse-proxying Apache Archiva, where I have trouble getting
authorization right.
By default Archiva users have no Roles assigned, which makes them in my
setup inferior to even the guest user.
As there appears to be no way to give newly created or imported users a
sane default role, only one-by-one, clickedy-click, I have defaulted to
solving this problem on a terrain where I feel safe and comfortable:
In httpd.
I only want to protect a specific part of the tree, and I can do that
just fine with:
<Location /archiva/repository/internal/com/es>
AuthType Basic
AuthBasicProvider ldap
AuthName "Restricted access for deployment>
AuthLDAPURL ldap://adam01.es.local:389/DC=es,DC=at?cn?
AuthLDAPBindDN srvbind
AuthLDAPBindPassword somepw
<Limit PUT PROPPATCH MKCOL COPY MOVE>
Require ldap-group CN=MemberOf=java_devs
</Limit>
ProxyPassReverse /
</Location>
This is enough to seed out the Java Devs, and make sure only they can deploy
to our repositores.
But unfortunately, the Auth-Headers are transported to the backend, which
can authenticate the users just fine, but with their default role being
"nothing", it won't authorize them.
So my question is: How do I suppress the proxying of the auth headers?
Or for the archiva list: How do I asign a sane default role for all [new] users?
That's all folks!
Bye,
Igor
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|