RE: group authorization via LDAP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Is our only choice changing all the .htaccess files with "require group
<group name>" to "require ldap-group cn=<group name>,ou=some long ldap
string" in order to make the switch group authorization via LDAP groups?

-Tony


> -----Original Message-----
> From: Tom Evans [mailto:tevans.uk@xxxxxxxxxxxxxx]
> Sent: Friday, October 02, 2009 4:36 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  group authorization via LDAP
> 
> On Thu, 2009-10-01 at 17:18 -0400, Tony Rice (trice) wrote:
> > I'm trying to convert from DBM file based authentication and
> > authorization to LDAP based authentication and authorization in
> Apache
> > 2.2.11.
> >
> > We've already got a large number of .htaccess files with specific
> > configs for individual directories that are using "require user" and
> > "require group".  Is it possible to configure the apache server to
> allow
> > those .htaccess to continue work as expected or must we change them
> to
> > "require ldap-user" and "require ldap-group"?
> >
> > I'm digging through the mod_authnz_ldap docs but the config to
> specify
> > the base for group authorization (in my case: "ou=GroupStuff,ou=Our
> > Groups,dc=Company,dc=Com") just isn't jumping out at me.
> >
> 
> This is how we do it:
> 
> AuthType Basic
> AuthName "Company"
> AuthBasicProvider "ldap"
> AuthLDAPURL "ldap://ldap/o=Company?mail?sub?(accountActive=TRUE)"
> AuthLDAPBindDN "cn=authuser,ou=System Accounts,o=Company"
> AuthLDAPBindPassword "authpass"
> AuthzLDAPAuthoritative "On"
> Require valid-user
> Require ldap-group cn=Department,ou=Groups,o=Company
> 
> 
> Cheers
> 
> Tom
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux