httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Leggett" <minf...@sharp.fm>
Subject Re: Some authorisation clarification
Date Wed, 29 Nov 2006 12:45:10 GMT
On Wed, November 29, 2006 2:19 pm, Nick Kew wrote:

> When the configuration is merged, the one that appears later in
> httpd.conf overrides the other where there is conflict.

What constitutes a conflict?

> What Satisfy value are you using?

The config looks like this:

    # Password protect bugzilla with native LDAP plugin
    <Location /bugzilla>
      AuthType Basic
      AuthName "User principal name"
      AuthLDAPEnabled on
      AuthLDAPBindDN zzz
      AuthLDAPBindPassword zzz
      AuthLDAPURL ldap://zzz:3268/?userPrincipalName,mail,cn?sub
      AuthLDAPAuthoritative on
      require valid-user
      Satisfy all
    </Location>

    # Password protect this entire website using Redhat LDAP plugin
   <Location />
      AuthName "Username"
      AuthzLDAPMethod ldap
      AuthzLDAPAuthoritative on
      AuthzLDAPServer zzz:3268
      AuthzLDAPUserBase zzz
      AuthzLDAPUserKey sAMAccountName
      AuthzLDAPUserScope subtree
      AuthzLDAPBindDN zzz
      AuthzLDAPBindPassword zzz

      AuthType basic
      require valid-user

      Order allow,deny
      Allow from 127.0.0.1/32 10.182.227.16
      Satisfy Any
   </Location>

If I swap the two Locations around, the effect is the same - / always wins.

Regards,
Graham
--



Mime
View raw message