TAG <Location> and ldap_auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

    I need to authenticate the users of my network to distinguish directories of SVN with ldap_auth. The method that I used is through the <Location> tag. The following method that I use is the correct method to prevent users that isn´t inside the AD group GR_INT_SVN to access the /svn location?

################ Versions ################
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edition
mod_authnz_ldap.so: 2.2.9

################ httpd.conf ####################

ServerRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<IfModule !mpm_netware_module>
   <IfModule !mpm_winnt_module>
      User daemon
      Group daemon
   </IfModule>
</IfModule>

ServerAdmin admin@xxxxxxxxxx

DocumentRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/htdocs"

<Directory "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access.log" common
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "C:/Arquivos de programas/Apache Software Foundation/Apache2.2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

<Location "/svn">
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    AuthName Subversion

    SVNPath E:\SVN\repository0
    DAV svn

    SVNListParentPath on
    SVNPathAuthz on

    AuthLDAPUrl "ldap://domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN,OU=Internal,OU=Acessos,dc=domain,dc=com))"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass

    require valid-user

</Location>

# Project 01
<Location "/svn/P01">
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off

        AuthName Subversion_P01
   
        AuthLDAPUrl "ldap://domain.com/dc=domain,dc=com?samAccountName?sub?(&(objectClass=User)(MemberOf=CN=GR_INT_SVN_P01,OU=Internal,OU=Acessos,dc=domain,dc=com))"
        AuthLDAPBindDN "CN=SVNQueryUser,OU=QueryUsers,dc=domain,dc=com"
        AuthLDAPBindPassword pass
</location>


<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Allow from all
</Directory>

########################################################


--
Att.
Bruno Galindro da Costa
bruno.galindro@xxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux