Hi, Tom Evans schrieb:
On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
This is how we do it: [...] AuthzLDAPAuthoritative "On" Require valid-user Require ldap-group cn=Department,ou=Groups,o=Company
Does this work? When I read the docs: "Require valid-userIf this directive exists, mod_authnz_ldap grants access to any user that has successfully authenticated during the search/bind phase."
and:"Other Require values may also be used which may require loading additional authorization modules. Note that if you use a Require value from another authorization module, you will need to ensure that AuthzLDAPAuthoritative is set to off to allow the authorization phase to fall back to the module providing the alternate Require value."
-> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.htmlThis seems to me like either "Require valid-user" is not working at all - because AuthzLDAPAuthoritative is "On" - or it overrules any ldap-group setting. Hm!?
Marc --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|