httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 43798] - require ldap-group or ldap-user with AuthnProviderAlias is not ok
Date Thu, 07 Feb 2008 00:44:57 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=43798


bnicholes@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From bnicholes@apache.org  2008-02-06 16:44 -------
This is actually working as designed.  Authentication and authorization are two
different functions.  Since the LDAP URL was specified in an
<AuthnProviderAlias> section, the directives in that section only apply to
authentication or Authn.  They do not apply to authorization or authz.
Therefore, an LDAP URL still needs to be defined if the authorization
functionality requires it such as in a 'require ldap-group xxx' situation.
The unfortunate thing is that this is not intuitive in Apache 2.2. It will
make a little more sense in Apache 2.4 when the directive section
<RequireAlias ... > is introduced.  This will allow both the authentication
and authorization functionality to be independently configured with separate
LDAP information if desired.  An equivalent <RequireAlias> would appear as:

<RequireAlias ldap-group my-ldap-group cn=xxx,ou=groups,dc=xxx,dc=fr>
   AuthLDAPURL ldap://xxx/ou=people,dc=xxx,dc=fr 
   ...
</RequireAlias>

<Directory ..>
   ...
   Require my-ldap-group
</Directory>

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
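
The Apache 2.2 behaviour described in the comment above, as an added configuration example that is not part of the original message or the bug report. The host name, DNs, alias name and directory paths are constructed placeholders, and anonymous LDAP search is assumed.

```apache
# Added example, Apache 2.2 syntax. All names below are placeholders.

# Authentication only: directives in this section are seen by the authn
# provider "my-ldap" and do not apply to authorization.
<AuthnProviderAlias ldap my-ldap>
    AuthLDAPURL ldap://ldap.example.com/ou=people,dc=example,dc=com?uid
</AuthnProviderAlias>

# The pattern from the bug report: the LDAP URL exists only inside the
# alias, so the authorization side has no LDAP URL to work with and
# "Require ldap-group" does not behave as the reporter expected.
<Directory "/var/www/example/reports">
    AuthType Basic
    AuthName "Reports"
    AuthBasicProvider my-ldap
    Require ldap-group cn=reports,ou=groups,dc=example,dc=com
</Directory>

# The form the comment calls for: authentication still goes through the
# alias, and an LDAP URL is also defined in the scope where the
# authorization check runs.
<Directory "/var/www/example/admin">
    AuthType Basic
    AuthName "Admin"
    AuthBasicProvider my-ldap
    AuthLDAPURL ldap://ldap.example.com/ou=people,dc=example,dc=com?uid
    Require ldap-group cn=admins,ou=groups,dc=example,dc=com
</Directory>
```

If the directory does not allow anonymous searches, `AuthLDAPBindDN` and `AuthLDAPBindPassword` placed inside the alias are authentication-only for the same reason and need to be set alongside the second `AuthLDAPURL` as well.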

