On Fri, May 7, 2010 at 4:00 PM, Rodrigo Montenegro <montenegro.r@xxxxxxxxx> wrote: > Hey Guys! > > I have the following scenario. I want to authenticate and authorize users in > a Apache server against an LDAP server. > The things is that there is so a need to make this authorization checking up > if the user is in one of many groups. > The question is: is that possible? If it is, how can I make it happen? > > I have sucess on doing this authorization against one single group, but not > search in many. > > <Location /somepath> > > AuthType Basic > AuthName "Secret path" > AuthBasicProvider ldap > AuthLDAPUrl ldap://ldapserver/ou=organization,ou=org > AuthzLDAPAuthoritative on > AuthLDAPBindDN "uid=serviceuser,ou=services,ou=corp,ou=organization,ou=org" > AuthLDAPBindPassword "servicepwd" > > AuthLDAPGroupAttribute uniqueMember > AuthLDAPGroupAttributeIsDN on > > require ldap-group cn=group1,ou=Groups,ou=corp,ou=organization,ou=org > > </Location> > > In group1 there is a list in uniqueMember attribute containing all the DN > users. Just repeat the require for each group. Membership in any group lets them in. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|