httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Morgan <ryanmor...@gmail.com>
Subject Multiple group authorization in mod_ldap
Date Thu, 01 Sep 2005 22:34:13 GMT

Hey everyone,

I have a quick question regarding authorization against multiple  
groups in
mod_ldap.

Currently, if any of the require lines succeed, the user will be granted
access. (Unless I'm missing something obvious in the code and docs)

I'd like to add the ability to require all, so that each require line  
is checked
for successful authorization.  This would allow mod_ldap to check  
that a user
is in multiple groups before granting access.

I can think of a couple of ways of implementing this:

1) Use the core's Satisfy directive to check if 'Satisfy all' has been
    requested.

2) Add a new directive 'AuthLDAPRequireAll' which would be a flag  
indicating
    to check all require lines.

Thoughts?

(Apologies if this comes through twice, I originally sent it from the  
wrong
email address, so it's probably in the queue for the list moderator)


Mime
View raw message