httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitri Colebatch" <...@colebatch.com>
Subject [users@httpd] Re: authentication - one of several groups
Date Mon, 23 Jul 2007 23:29:51 GMT
I'm assuming that the lack of response means no one else is using this
feature.  I'd like to ask one more time before raising a bug - can
anyone see any reason why I shouldn't raise a bug for this?

cheers,
dim

On 7/20/07, Dmitri Colebatch <dim@colebatch.com> wrote:
> Hi all,
>
> This is a problem thats been irking me for a while and I'm hopeful
> that some other users might be able to shed some light on the issue.
> We use LDAP authentication and would like to allow access to a
> location if a user is in one of a number of groups.  From reading
> http://httpd.apache.org/docs/2.0/mod/core.html#require I had hoped
> that something like this might work:
>
>  <Location /foo>
>    AuthType Basic
>    AuthName "LDAP Authentication"
>    AuthLDAPUrl ....
>    AuthLDAPBindDN ...
>    AuthLDAPBindPassword ...
>    require group cn=tjunction.development_team,o=groups
> cn=tjunction.papis.product.viewer,ou=internal,o=groups
>  </Location>
>
> But that refuses to authorize me.  Note that if I have either one of
> those groups I am authenticated successfully.  I had thought perhaps
> that the multiple groups meant that you had be in _all_ groups rather
> than _either_ group, but this behaviour disproves that theory.
>
> To me, it appears that this simply doesn't work as documented.  Can
> someone see anything I'm doing wrong?  Anyone else have to deal with
> this requirement?
>
> cheers,
> dim
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message