Hi,
I have an internal apache 2.2 server that serves a number of
applications (trac, subversion, twiki, ...). Every application on the
webserver requires LDAP authentication. To do this I added a
'AuthLDAP...' sections to each '<Location>' section in the apache config
files. Unfortunately this means:
1. my LDAP configuration is scattered all over the config files;
2. when I start firefox it asks me a username and password for every
page I had open from the same server (not sure whether this is actually
a firefox issue or due to the separate authentication section per web
app).
I'd like to change the config of the apache server so it requires a
valid LDAP authentication for any page you try to use on the server and
then only add group restrictions per specific web app. The idea is that
I have:
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
AuthName "Web app server"
AuthType Basic
AuthLDAPBindDN ...
AuthLDAPBindPassword xxxxxxxxxxx
AuthLDAPURL "ldaps://ad.mydomain.com:636/ou..."
Require valid-user
only once in 1 central place and then add:
Require ldap-group ....
for every section.
The question is:
1. will this work?
2. where do I put the AuthLDAP... section?
I figure if I put the AuthLDAP... section in my <Directory
"/www/htdocs"> section (=root of the webserver) it will only protect the
static pages in the htdocs directory (e.g. https://server/index.html)
but it will not protect the web apps (e.g. https://server/trac/mytrac)
which are actually coming from completely different parts of the
filesystem, right?
I hope this makes sense to anybody :-)
Thanks in advance,
Nico
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|