httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oliver Marshall" <>
Subject [users@httpd] Another ldap question
Date Fri, 31 Oct 2008 09:16:47 GMT
Hi chaps,

I have the following code setup in an apache config file to restrict
access to trac sites on the server via LDAP group membership. 

<Location /url/to/page>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /trac/environ/site
PythonOption TracUriRoot /url/to/page

AuthName "Authentication"

AuthType Basic
AuthBasicProvider ldap

AuthzLDAPAuthoritative on

AuthLDAPBindDN "CN=LDAP USER,CN=Users,DC=mydomain,DC=local"
AuthLDAPBindPassword passwordgoeshere
e?sub?(objectCla ss=*)" NONE
AuthLDAPGroupAttributeIsDN on
require ldap-group CN=testgroup,OU=Security Groups,OU=My

Require valid-user

This works fine, with one slight exception. When we change the
membership of the ldap group (in active directory on a windows box), we
have to restart Apache on the linux box. A reload doesnt work, it has to
be a restart. If we dont, then the changes to the group aren't
recognised. It's as though the membership of the group is cached on the
linux box and that cache is never updated. 

It's not a massive issue at the moment, but will be a management
pain-in-the-rear when the sites are used by more and more external

Any ideas? Code is as follows.


G2 Support
Online Backups 


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message