httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John P. Dodge" <do...@cruciate.ca.boeing.com>
Subject Re: [users@httpd] Require ldap-group directive issue in Apache 2.2
Date Mon, 13 Nov 2006 23:28:07 GMT
On Mon, 6 Nov 2006, Christophe Gravier wrote:

> Hello,
>
> Regarding new Apache 2.2 authentification and authorization layers,
> especially ldap-group (
> http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup ), I
> wanted to build authentification and authorization based on ldap group
> membership.
>
> I build my directive the same way as those man pages, that means:
>
> <Location "/DevDSI_trac">
>         SetEnv TRAC_ENV "/var/trac/DevDSI"
>         AuthType Basic
>         AuthName "DevDSI trac"
>         AuthBasicProvider ldap
>         AuthLDAPURL
> ldap://ist-guizay.univ-st-etienne.fr:389/ou=person,o=istase,c=fr?uid?sub?(objectClass=*)
>         require ldap-group cn=satin,ou=groups,o=istase,c=fr
> </Location>
>
>
> Thank you in advance,
>
> Regards.
>
> --
> Christophe Gravier
> Laboratoire DIOM, équipe SATIn - Doctorant http://portail-istase.univ-st-etienne.fr/diom/FRA/Satin.php

I had trouble with LDAP Groups when using Active Directory but I think it
is a symptom of my AD service.

I did hqave success with ldap-filter which I could use to query an
attribute of the uid returned from LDAP (sAMAccountNAme).

 require ldap-filter &(memberOf=G4570)

This works for me as the group affiliations are "mostly" described as
attributes in (our) AD.


----------------------------------------
"Mon aéroglisseur est plein d'anguilles"
John P. Dodge
Boeing Shared Services


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message