Separate authentication and authorization databases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Separate authentication and authorization databases
From: Marcel Ammerlaan <marcel.ammerlaan@xxxxxxxxx>
Date: Mon, 10 Aug 2009 13:02:21 +0200
Reply-to: users@xxxxxxxxxxxxxxxx

Hi,

I'm trying to setup a somewhat unusual security architecure with Apache HTTP and wonder if this can be achieved at all.
Basically, I have 2 LDAP servers one with user-accounts and a second with user/group mappings.
The first LDAP is Windows AD and I query that via SASL (using mod_authn_sasl).
The second LDAP is ApacheDS.

I can successfully use the SASL authentication and using a 'require valid-user' everyone with an AD
account is granted access. However, I'd like a 'require ldap-group' setting with a group from the second
LDAP. This would require the use of mod_auth_ldap but then I loose the required SASL login.

Is there a way to have authentication done on 1 backend and get the authorization from a second one
where both are required?

Regards,

Marcel Ammerlaan.

Prev by Date: Re: Re: Need some SSL help please.
Next by Date: "SSL input filter read failed" error for apache with mod_nss
Previous by thread: vhost not receiving the connections
Next by thread: "SSL input filter read failed" error for apache with mod_nss
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]