httpd-users mailing list archives

From "Justin Johnson" <justinjohn...@gmail.com>
Subject [users@httpd] Active Directory, LDAP, and require ldap-group
Date Thu, 22 Jun 2006 15:53:53 GMT
Can anyone help me with the following?  I searched the list archives
and didn't find anything that solved my problem.  I've tried to
organize everything concisely.  Please let me know if you have any
questions or advice.  Thanks!

GOAL

To only allow authenticated Active Directory users who are a member of
a specified Active Directory group to access a Location.

CURRENT RESULT

Authenticated Active Directory users can access the Location
regardless of whether they are a member of the specified group.

CONFIG

  <Location /svn/test>
  DAV svn
  SVNPath /svn/repos/test
  AuthType  Basic
  AuthName  "Subversion Repository"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN cn=myuser,cn=Users,dc=part1,dc=part2,dc=mydomain,dc=com
  AuthLDAPBindPassword mypassword
  AuthLDAPURL "ldap://part1.part2.mydomain.com:portnum/DC=part1,DC=part2,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)"
  require ldap-group CN=Administrators,CN=Builtin
  #  I also tried the following line which I got from a dsquery command.
  #require ldap-group CN=Administrators,CN=Builtin,DC=part1,DC=part2,DC=mydomain,DC=com
  #require valid-user
</Location>

ENVIRONMENT

Apache 2.2
AIX 5.3
Built using the following ksh script.

#!/bin/ksh

## Define variables
base_dir=/svn
src_dir=$base_dir/downloads
build_dir=$base_dir/build

## Create initial directories
mkdir -p $build_dir

## Extract following binary packages
## autoconf.2.59.tar.Z   libtool.1.5.22.tar.Z  make.3.80.tar.Z
## gcc.4.1.0.tar.Z       m4.1.4.4.tar.Z        zlib.1.2.3.tar.Z
cd $base_dir
for f in $src_dir/*.Z
do
  echo "*** Extracting $f ***"
  zcat $f | tar xvf -
done

## Build openssl
cd $build_dir
gunzip $src_dir/openssl-0.9.8b.tar.gz
tar xvf $src_dir/openssl-0.9.8b.tar
cd $build_dir/openssl-0.9.8b
./config --prefix=/svn
make
make install

## Build openldap
cd $build_dir
gunzip $src_dir/openldap-2.3.24.tar.gz
tar xvf $src_dir/openldap-2.3.24.tar
cd $build_dir/openldap-2.3.24
env CPPFLAGS="-I/svn/usr/local/include -I/svn/include" \
  LDFLAGS="-L/svn/usr/local/lib -L/svn/lib" ./configure --prefix=/svn \
  --enable-bdb=no --enable-slapd=no
make
make install

## Build apache
cd $build_dir
gunzip $src_dir/httpd-2.2.2.tar.gz
tar xvf $src_dir/httpd-2.2.2.tar
cd $build_dir/httpd-2.2.2
./configure --prefix=/svn/apache2.2 --enable-so --without-berkeley-db \
  --enable-ssl --with-ssl=/svn --enable-dav=shared \
  --enable-dav-fs=shared --enable-dav-lock=shared --enable-ldap \
  --with-ldap --with-ldap-include=/svn/include \
  --with-ldap-lib=/svn/lib --enable-authnz-ldap --enable-rewrite
make
make install

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
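
An added example, not part of the original message and not httpd code: a small Python check over the directives posted above. It assumes, per the mod_authnz_ldap documentation, that `Require ldap-group` takes the group's distinguished name, and that in httpd 2.2 any one satisfied `Require` line grants access; the function and finding names are hypothetical.

```python
import re

# Directives copied from the posted <Location> block ("portnum" is the post's own placeholder).
POSTED = '''
AuthLDAPURL "ldap://part1.part2.mydomain.com:portnum/DC=part1,DC=part2,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*)"
require ldap-group CN=Administrators,CN=Builtin
#require ldap-group CN=Administrators,CN=Builtin,DC=part1,DC=part2,DC=mydomain,DC=com
#require valid-user
'''

def rdns(dn):
    """Lower-cased RDN list; a plain comma split, so escaped commas are not handled."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def lint_ldap_authz(conf):
    """Return (code, detail) findings for the active LDAP authz directives (hypothetical helper)."""
    base, groups, valid_user = [], [], False
    for line in (l.strip() for l in conf.splitlines()):
        if not line or line.startswith("#"):
            continue  # commented-out directives are ignored by httpd
        m = re.match(r'(?i)AuthLDAPURL\s+"?ldaps?://[^/]*/([^?"]*)', line)
        if m:
            base = rdns(m.group(1))  # search base DN from the LDAP URL
        m = re.match(r'(?i)require\s+ldap-group\s+(.+)', line)
        if m:
            groups.append(m.group(1).strip().strip('"'))
        if re.match(r'(?i)require\s+valid-user\b', line):
            valid_user = True
    findings = []
    for g in groups:
        parts = rdns(g)
        # A group DN inside the searched tree ends with the AuthLDAPURL base DN.
        if not base or len(parts) <= len(base) or parts[-len(base):] != base:
            findings.append(("group-dn-not-under-base", g))
    if groups and valid_user:
        # Assumption (httpd 2.2): several Require lines are alternatives.
        findings.append(("valid-user-overrides-group", "require valid-user"))
    return findings

if __name__ == "__main__":
    for code, detail in lint_ldap_authz(POSTED):
        print(code, "->", detail)
```

The check is static; it does not contact the directory, so it cannot confirm that the group object exists or which attribute holds its members.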

