httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] authentication for a group or for a user
Date Thu, 22 Jan 2009 18:02:51 GMT
Eric Covener wrote:
> On Thu, Jan 22, 2009 at 7:33 AM, Malka Cymbalista
> <Malki.Cymbalista@weizmann.ac.il> wrote:
>> We are running apache 2.2.6 on a Linux machine.  We have enabledldap authentication.
I would like to allow users to authenticate to aparticular directory either using a valid
ldap userid from a list ofvalid userids or if they are a member of a group that I have defined
inan external file.
>> I put the following code into my httpd.conf file
>>
>> <Directory /my/directory>
>>     AuthType Basic
>>     AuthName "Private  Pages"
>>     AuthBasicProvider ldap file
>>     AuthGroupFile /WWW/httpd/conf/.htgroup
>>     AuthUserFile /WWW/httpd/conf/.htpasswd
>>     AuthLDAPRemoteUserAttribute cn
>>     AuthLDAPURL "ldaps://a.server.com:111/o=Users?cn"
>>     AuthLDAPBindDN cn=InternetAuthUser,o=system
>>     AuthLDAPBindPassword xxxxx
>>     AuthzLDAPAuthoritative Off
>>     AuthLDAPRemoteUserIsDN On
>>     Require group scientists
>>     Require user user1 abuser
>>
>>
>> This did not work.  The only way that I was able to allow theusers user1 and abuser
to get in to the directory was by creating agroup for the and adding that group to the require
group line anddeleting the Require user line.
>> Is there a way to authenticate either via a user or via a group?
>>
> 
> You'll need to clarify the details, and show when/how it's failing,
> but there's no reason why your authorization shouldn't be able to do
> group OR user.
> 
Should there not just be a "Satisfy any" there ?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message