RE: group authorization via LDAP

Thanks, makes sense and works well using require ldap-filter.

-Tony


> -----Original Message-----
> From: Eric Covener [mailto:covener@xxxxxxxxx]
> Sent: Friday, October 02, 2009 3:38 PM
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re:  group authorization via LDAP
> 
> > AuthLDAPGroupAttribute memberOf
> >
> > require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >
> > My LDAP entry (using the URL above) looks like this:
> > dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> >
> >               objectClass: top
> >                            person
> >                            organizationalPerson
> >                            user
> >                        cn: trice
> > <you don't care what my address, mailbox number, etc. is so ... snip>
> >                  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >                            CN=admins,OU=Standard,OU=Company
> > Groups,DC=dev,DC= company,DC=com
> >                department: 8675309
> >                   company: Company, Inc.
> 
> 
> Your config looks for entries like this in ldap:
> 
> cn: =mygroup,OU=Grou....
>   memberOf: trice
>   memberOf: bob
>   ...
> 
> Your LDAP setup should use require ldap-filter to find a memberOf
> under the _user_ that signifies membership in a group, or find how the
> groups entry lists users (not memberOf, but something like member or
> uniqueMember).  ldap-filter starts at the user and looks for stuff,
> ldap-group starts at the group and looks for an entry listing your
> user.
> 
> --
> Eric Covener
> covener@xxxxxxxxx
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
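
The two approaches Eric describes, written out as mod_authnz_ldap configuration (an added example, not part of the original thread). The host name, URL paths, bind account, the `cn` login attribute and the `member` group attribute are assumptions; the group DN is the one quoted in the thread.

```apache
# Added example. ldap.example.com, /by-filter, /by-group and the bind
# account are placeholders, not values taken from the thread.

# Option 1: start at the user. The authenticated user's own entry must
# carry a memberOf value equal to the group DN (as the entry for trice does).
<Location "/by-filter">
    AuthType Basic
    AuthName "LDAP login"
    AuthBasicProvider ldap
    # Assumed URL: search under the thread's base DN, match the login name on cn.
    AuthLDAPURL "ldap://ldap.example.com/DC=dev,DC=company,DC=com?cn?sub?(objectClass=user)"
    # Placeholder search account; drop both lines if anonymous search is allowed.
    AuthLDAPBindDN "CN=svc-httpd,OU=Placeholder,DC=dev,DC=company,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # The filter is ANDed with (cn=<login name>), so no outer parentheses.
    Require ldap-filter memberOf=CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Location>

# Option 2: start at the group. The group entry itself must list the
# user's DN in the attribute named by AuthLDAPGroupAttribute.
<Location "/by-group">
    AuthType Basic
    AuthName "LDAP login"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/DC=dev,DC=company,DC=com?cn?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=svc-httpd,OU=Placeholder,DC=dev,DC=company,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Assumption: the group lists its members in "member" (some
    # directories use uniqueMember). Setting this to memberOf, as in the
    # original config, makes httpd look for memberOf on the *group* entry,
    # where it never holds the user, so every request is denied.
    AuthLDAPGroupAttribute member
    # Compare the user's full DN, not the bare login name.
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Location>
```

Both forms match direct membership only: a user who belongs to mygroup through a nested group is not authorized by either rule as written.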

