TAG <Location> and ldap_auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: TAG <Location> and ldap_auth
From: Bruno Galindro da Costa <bruno.galindro@xxxxxxxxx>
Date: Wed, 13 Jan 2010 12:18:07 -0200
Reply-to: users@xxxxxxxxxxxxxxxx

Hi,

    I need to authenticate the users of my network to distinguish directories of SVN with ldap_auth. The method that I used is through the <Location> tag. The following method that I use is the correct method to prevent users that isn´t inside the AD group GR_INT_SVN to access the /svn location?

################ Versions ################
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edition
mod_authnz_ldap.so: 2.2.9

################ httpd.conf ####################

ServerRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<IfModule !mpm_netware_module>
   <IfModule !mpm_winnt_module>
      User daemon
      Group daemon
   </IfModule>
</IfModule>

ServerAdmin admin@xxxxxxxxxx

DocumentRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/htdocs"

<Directory "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access.log" common
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

<Location "/svn">
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    AuthName Subversion

    SVNPath E:\SVN\repository0
    DAV svn

    SVNListParentPath on
    SVNPathAuthz on

    AuthLDAPUrl "ldap://domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN,OU=Internal,OU=Acessos,dc=domain,dc=com))"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass

    require valid-user

</Location>

# Project 01
<Location "/svn/P01">
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off

        AuthName Subversion_P01

        AuthLDAPUrl "ldap://domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN_P01,OU=Internal,OU=Acessos,dc=domain,dc=com))"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass
</location>

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

########################################################

--
Att.
Bruno Galindro da Costa
bruno.galindro@xxxxxxxxx

Prev by Date: RE: HTTP over PPPoE???
Next by Date: Optimizing apache 2
Previous by thread: build 32 bit httpd on 64 bit RHEL
Next by thread: Optimizing apache 2
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]