Marc Patermann wrote:
Hi, Mxrgus Pxrt schrieb:Would it be possible to filter users not only by user attributes or groups but also by attributes of group using authnz_ldap?Example: Users: cn: First Last, ou: people, dc: lol cn: Second Last, ou: pople, dc: lol Groups: cn: lord, ou: group, dc: lol member: First Last attribute111: yes Now, if attribute111 is yes, auth succeeds. If not, what would be your recommendation, how to solve this task?Hm, if there was any group-filter setting ...But you have to _name_ the ldap-group anyone, don't you? So just name LDAP groups here which have the attribute. :)If you use AuthLDAPBindDN for searching ldap by apache, you could "hide" other groups than these with the attribute by ACL on the ldap server.Marc
Both solutions what you offered are not good enough.By defining groups one by one in ldap-group or messing around per group in ACL of ldap server I would not gain anything, I need filtering by group attribute.
As I understand best solutions would be:a. http://code.google.com/p/mod-auth-external/ - create dynamic python program for example what would filter by using group attribute
b. patch current mod_authz_ldapVariant A seems a bit less messy (future problems on updates etc with variant B). Can anyone of you recommend something better?
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx