httpd-dev mailing list archives

From "Brad Nicholes" <>
Subject mod_authn_alias attempt (was Re: Multiple AAA Providers)
Date Wed, 18 May 2005 17:53:44 GMT
   Here is the second attempt which actually works.  It still needs some cleanup and auth_digest
has not been accounted for yet, but it does let you define and call multiple alias providers
that can be referenced from multiple locations.  I would like to add it to modules/aaa if
there are no objections.  

The configuration syntax is as follows:

LoadModule authn_alias_module modules/authnalias.nlm
<IfModule mod_authn_alias.c>

<AuthnProviderAlias ldap ldap-alias1>
    AuthLDAPBindDN cn=youruser,o=ctx
    AuthLDAPBindPassword yourpassword
    AuthLDAPURL ldap://
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-other-alias>
    AuthLDAPBindDN cn=yourotheruser,o=ctx
    AuthLDAPBindPassword yourotherpassword
    AuthLDAPURL ldap://
</AuthnProviderAlias>

Alias /secure /webpages/secure
<Directory /webpages/secure>
    Order deny,allow
    Allow from all
    AuthBasicProvider ldap-other-alias ldap-alias1
    AuthType Basic
    AuthName LDAP_Protected_Place
    AuthzLDAPAuthoritative off
    require valid-user
</Directory>
</IfModule>

>>> Tuesday, May 17, 2005 10:27:14 AM >>>
   Here is an attempt at providing this functionality through a separate module called mod_authn_alias.
 It follows the syntax outlined in the previous message thread.  However, I have run into
a roadblock.  In order to make this work, mod_authn_alias needs
to be able to retrieve the aliased per_dir configuration and merge it into the current per_dir
configuration before calling the real check_password() provider function.  I'm just not sure
how to make this happen given the amount of information that mod_authn_alias has at the point
when the merge_per_dir_config needs to happen.  

Any ideas?


>>> Friday, April 29, 2005 9:16:44 AM >>>
Has there been any further motion on the multiple AAA provider issue in 2.1?

Our customers really need to be able to directly authenticate against 
multiple LDAPs (again, this is not a failover case -- the contents of 
each LDAP are distinct and non-overlapping).

I *suspect* we're not the only ones who need multiple AAA data sources 
of a single type, especially LDAP.

Jess Holle
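
Added example, not part of the original messages and not the module's code: a self-contained C model of the mechanism described in the thread, where an alias provider looks up its saved configuration, merges it into the current per-directory configuration, and then calls the real check_password() provider. The types, the merge rule, the directory hostnames, users and password are constructed assumptions; the provider list is walked in order and moves on only when the user is not found, modelled on how mod_auth_basic treats its providers.

```c
#include <string.h>

/* Simplified stand-ins for httpd's authn types (assumed model, not the httpd API). */
typedef enum { AUTH_GRANTED, AUTH_DENIED, AUTH_USER_NOT_FOUND } authn_status;
typedef struct { const char *url, *bind_dn; } ldap_conf;   /* per-dir config */
typedef authn_status (*check_pw_fn)(const ldap_conf *, const char *, const char *);

/* Constructed "real" provider: each directory URL holds one distinct user. */
static authn_status ldap_check_password(const ldap_conf *c, const char *u, const char *pw) {
    const char *user = strcmp(c->url, "ldap://dir-a.example") == 0 ? "alice" : "bob";
    if (strcmp(u, user) != 0) return AUTH_USER_NOT_FOUND;
    return strcmp(pw, "secret") == 0 ? AUTH_GRANTED : AUTH_DENIED;
}

/* An alias is a name, a base provider, and the config captured in its block. */
typedef struct { const char *name; check_pw_fn base; ldap_conf conf; } alias_rec;
static const alias_rec aliases[] = {
    { "ldap-alias1",      ldap_check_password, { "ldap://dir-a.example", "cn=youruser,o=ctx" } },
    { "ldap-other-alias", ldap_check_password, { "ldap://dir-b.example", "cn=yourotheruser,o=ctx" } },
};

/* Merge step: values set in the alias block override the location's own config. */
static ldap_conf merge_conf(ldap_conf cur, const ldap_conf *al) {
    if (al->url) cur.url = al->url;
    if (al->bind_dn) cur.bind_dn = al->bind_dn;
    return cur;
}

/* Alias provider: find the alias, merge its config, call the real provider. */
static authn_status alias_check_password(const char *alias, ldap_conf cur,
                                         const char *u, const char *pw) {
    for (size_t i = 0; i < sizeof aliases / sizeof *aliases; i++)
        if (strcmp(aliases[i].name, alias) == 0) {
            ldap_conf merged = merge_conf(cur, &aliases[i].conf);
            return aliases[i].base(&merged, u, pw);
        }
    return AUTH_USER_NOT_FOUND;   /* unknown alias: a choice made for this model */
}

/* Same order as "AuthBasicProvider ldap-other-alias ldap-alias1" above. */
static const char *secure_providers[] = { "ldap-other-alias", "ldap-alias1" };
static authn_status authenticate(const char **provs, size_t n, const char *u, const char *pw) {
    authn_status st = AUTH_USER_NOT_FOUND;
    ldap_conf location_conf = { NULL, NULL };   /* <Directory> sets no LDAP values */
    for (size_t i = 0; i < n && st == AUTH_USER_NOT_FOUND; i++)
        st = alias_check_password(provs[i], location_conf, u, pw);
    return st;
}
int main(void) { return authenticate(secure_providers, 2, "alice", "secret") != AUTH_GRANTED; }
```

In this model a wrong password in the first directory that knows the user ends the walk with a denial; later aliases are consulted only for users the earlier ones do not contain, which fits the non-overlapping directories described in the thread.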
