httpd-dev mailing list archives

From Ryan Morgan <rmor...@pobox.com>
Subject [PATCH] mod_authnz_ldap and satisfy all
Date Sun, 04 Sep 2005 20:06:11 GMT

Attached is a patch in response to my email earlier in the week.

This adds the ability for auth_ldap to check all require lines before
allowing access through use of the 'satisfy all' directive.  The previous
behavior of the module is to grant access if any require line succeeds.

The main reason behind this patch is to allow administrators to require
users be in multiple groups.  For example:

<Location />
    AuthType Basic
    AuthName "Authenticate Please"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPUrl ldap://localhost/o=SomeCompany,c=US?uid?sub?

    require ldap-group cn=Engineering,ou=Groups,o=SomeCompany,c=US
    require ldap-group cn=QA,ou=Groups,o=SomeCompany,c=US
    satisfy all
</Location>

Could someone provide feedback on whether this is a feature that could be
added to the ldap module?

Thanks,
-Ryan

