To answer my own questions partially: - yes it's possible to turn on authentication for the whole server by creating a <Location "/"> section and putting the Auth... statements in there. Unfortunately I'm unable to require different types of authentication in different parts of the site. If I put 'require valid-user' in '<Location "/">' all valid users can access all parts of the site even if I put and extra 'require group...' statement in a specific section. This is clearly not what I want :-( - the fact that firefox asks for the password multiple times when started with a multiple pages opened appears to be a firefox issue indeed Nico On Wed, 2009-08-12 at 13:42 +0200, Nico De Ranter wrote: > Hi, > > I have an internal apache 2.2 server that serves a number of > applications (trac, subversion, twiki, ...). Every application on the > webserver requires LDAP authentication. To do this I added a > 'AuthLDAP...' sections to each '<Location>' section in the apache config > files. Unfortunately this means: > 1. my LDAP configuration is scattered all over the config files; > 2. when I start firefox it asks me a username and password for every > page I had open from the same server (not sure whether this is actually > a firefox issue or due to the separate authentication section per web > app). > > I'd like to change the config of the apache server so it requires a > valid LDAP authentication for any page you try to use on the server and > then only add group restrictions per specific web app. The idea is that > I have: > > AuthzLDAPAuthoritative off > AuthBasicProvider ldap > AuthName "Web app server" > AuthType Basic > AuthLDAPBindDN ... > AuthLDAPBindPassword xxxxxxxxxxx > AuthLDAPURL "ldaps://ad.mydomain.com:636/ou..." > > Require valid-user > > only once in 1 central place and then add: > > Require ldap-group .... > > for every section. > > The question is: > 1. will this work? > 2. where do I put the AuthLDAP... section? > I figure if I put the AuthLDAP... section in my <Directory > "/www/htdocs"> section (=root of the webserver) it will only protect the > static pages in the htdocs directory (e.g. https://server/index.html) > but it will not protect the web apps (e.g. https://server/trac/mytrac) > which are actually coming from completely different parts of the > filesystem, right? > > > I hope this makes sense to anybody :-) > > > Thanks in advance, > > Nico > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|