httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Douglas L Stewart" <>
Subject [users@httpd] problems with LDAP and restricting access to files and directories
Date Fri, 23 May 2003 18:25:14 GMT
I am using Apache HTTPD 2.0.45 on Solaris 8.  My setup is a mixture of
Apache HTTPD and Tomcat.  I have an application consisting of Java
servlets and static files.  I use Apache HTTPD to serve the static files
(.txt.gz and .pdf) because Tomcat doesn't seem to support serving
optimized PDF files.

I have the mod_auth_ldap module compiled and am using it as follows:

<Location "/reports">

        <IfModule mod_auth_ldap.c>

            AuthType Basic
            AuthName "Reports Online"

            AuthLDAPEnabled on
            AuthLDAPURL ldap://,dc=com?uid?sub?(
            AuthLDAPAuthoritative on

            require valid-user



This part works great.

Now what I want to do is restrict certain directories of static content to
just certain LDAP users.  If a user is unauthorized I want them to get a
403 error which I will use ErrorDocument to say they don't have
permissions to view the document.  I don't want them get a 401, which will
just get the browser to reprompt for their password and confuse the user.

I tried putting a .htaccess file in a directory to try this by restricting
it a user named hboral:

AuthName "Reports Online"
AuthType Basic
AuthLDAPEnabled on
AuthLDAPURL ldap://,dc=com?uid?sub?(objectClass=
AuthLDAPAuthoritative on
require user hboral

When I did this it didn't prevent access to my PDF's unfortunately, and
seems to cause problems accessing text files:  ( I access them as .txt and
expect Apache to find the .txt.gz)

[Fri May 23 12:17:57 2003] [error] [client] Negotiation:
discovered file(s) matching request:
/opt/db2imsp1/reports/MMIRS/MMIRS01/2003/mmirs01.20030310.262598.txt (None
could be negotiated)., referer:

Any idea how to configure this properly?

Douglas L Stewart

Douglas L Stewart

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message