On Wed, 06 Jul 2011 15:42:18 +0200, Robert Velter wrote:
Hi Amos,
thanks for your clarification and the link. So i try now the
following:
1) Add a working basic auth to auth_param (probably ldap_auth).
2) Modify the access list from
http_access allow ldapgroup-access
http_access deny all
to
http_access deny !ldapgroup-access
http_access allow all
Its not clear from your original post if you need the group checking on
Basic auth'ed users. You might want something like this to require *a*
login, but not block basic auth user with the group-check:
acl authed proxy_auth REQUIRED
acl authBasic req_header Proxy-Authenticate ^Basic
# if NOT logged in as basic do the group check. re-auth if that
fails.
http_access deny !authBasic !ldapgroup-access
# only gets here if (a) auth via Basic, or (b) auth via
NTLM/Negotiate with group checked OK.
http_access allow authed
# for config clarity. Should not actually be reachable.
http_access deny all
Amos
