On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote: > I'm trying to convert from DBM file based authentication and > authorization to LDAP based authentication and authorization in Apache > 2.2.11. > > We've already got a large number of .htaccess files with specific > configs for individual directories that are using "require user" and > "require group". Is it possible to configure the apache server to allow > those .htaccess to continue work as expected or must we change them to > "require ldap-user" and "require ldap-group"? > > I'm digging through the mod_authnz_ldap docs but the config to specify > the base for group authorization (in my case: "ou=GroupStuff,ou=Our > Groups,dc=Company,dc=Com") just isn't jumping out at me. > This is how we do it: AuthType Basic AuthName "Company" AuthBasicProvider "ldap" AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)" AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company" AuthLDAPBindPassword "authpass" AuthzLDAPAuthoritative "On" Require valid-user Require ldap-group cn=Department,ou=Groups,o=Company Cheers Tom --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|