httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Saad, Dan (N-Computer Sciences Corp)" <>
Subject [users@httpd] Authentication/Authorization at DocRoot and below
Date Thu, 14 Dec 2006 09:07:38 GMT
Apache 1.3.37, auth_ldap v1.6.1, on Solaris 2.9
I currently authenticate the user at the top of my site. LDAP
non_authoritative - mod_auth authoritative so that during authorization
I can check membership in a series of groups (ug01-ug05) prior to
granting access. Membership in any of the 5 groups results in access as
it should.

So far so good !

Now - I have a page in a subdirectory that I want to deny access to
members of ug02. I then took myself out of all other
Groups but ug02 and in limiting access to the subdirectory I changed my
require group as follows:

Require group ug01 ug02 ug03 ug04 ug05
To -
Require group ug01 ug03 ug04 ug05

If I've put myself in ug02 and I'm requiring membership in any 1 of the
other groups - I should be getting denied but I'm not.

I did this not only in <Directory> and <Location> constructs in the
httpd.conf but also tried a .htaccess file.

Should I not be able to authenticate at entry to the site and then
control access to various resources to certain groups as I proceed down
the tree ?

Any ideas would be appreciated....


View raw message