RE: How do I require more than one Require ldap-* directive match?
I've looked at the mod_authnz_ldap code and the documentation. "Out of the box" it seems like there's no way to turn the "OR" behavior of Require ldap-* lines into "AND." I've been trying as hard as I can to avoid creating not only a new provider type but also a new provider. Unfortunately, the more I dig into mod_authnz_ldap the more it seems like it's not quite what I need.
Is there a "right" way to do this? One thought is creating a hook that "fakes out" check_user_access by dynamically updating the array of requires to "present" one ldap-* require line at a time, then aggregating the results into a single return value.
I've seen some pretty subtle tricks from all of you--I'm hoping that someone out there has a better option than building up a new provider.
--Pete
From: Thomas, Peter [mailto:pthomas@xxxxxxxx]
Sent: Tuesday, April 06, 2010 1:26 PM
To: users@xxxxxxxxxxxxxxxx
Subject: How do I require more than one Require ldap-* directive match?
How do I configure mod_authnz_ldap to require that I meet multiple authorization conditions [i.e. user must be a member of an LDAP group AND also possess one or more attributes]? As it is, the code returns "OK" as soon as the first "Require ldap-*" directive succeeds, short-circuiting subsequent require directives.
If I only had to match on attributes, I could use a Require ldap-filter directive, but needing to search for both a group and an attribute stops me cold.
-Pete
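The group AND attribute requirement asked about above, written as configuration for Apache httpd 2.4 or later, where mod_authz_core provides authorization containers. This is an added example, not part of the original thread, and it does not apply to servers that lack the `<RequireAll>` container; the LDAP host, the DNs and the attribute value are placeholders.

```apache
# Constructed example: host name, DNs and attribute value are placeholders.
<Location "/secure">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid"

    # OR behaviour described in the question: with bare Require lines,
    # a match on either one alone grants access.
    # Require ldap-group cn=admins,ou=Groups,dc=example,dc=com
    # Require ldap-attribute employeeType=active

    # AND behaviour: every directive inside the container must succeed,
    # so the user must be in the group and carry the attribute.
    <RequireAll>
        Require ldap-group cn=admins,ou=Groups,dc=example,dc=com
        Require ldap-attribute employeeType=active
    </RequireAll>
</Location>
```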