httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From paredes <pare...@aecom.yu.edu>
Subject Re: [users@httpd] Require dbd-group not accepting users belonging to multiple groups
Date Mon, 23 Feb 2009 21:05:10 GMT
Sorry about that. I just noticed that this has already been posted as 
bug# 46421. The posted fix solves the issue.

Regards,
-bill

paredes wrote:
> Greetings!
>
> In testing mod_authz_dbd it seems that the if a user is a member of a 
> *single* group the following Authz directives work properly:
>
> Require dbd-group faculty
> AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
> AuthzDBDQuery "SELECT grp FROM groups WHERE user = %
>
> However, when the user is a member of *multiple* groups [faculty & 
> staff] the Authz directives always fail returning an access denied:
>
> Require dbd-group faculty staff dean alumni
> AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
> AuthzDBDQuery "SELECT grp FROM groups WHERE user = %
>
> [likewise this also doesn't work]
>
> Require dbd-group faculty staff dean alumni
> AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
> AuthzDBDQuery "SELECT grp FROM groups WHERE user = % AND (grp = 
> 'faculty' OR grp ='staff'')"
>
> [I'm using the following in my httpd.conf]
> DBDDriver mysql
> DBDParams "host=localhost  dbname=dbase  user=xxx  pass=xxx"
> DBDMin 1
> DBDKeep 2
> DBDMax 10
> DBDExptime 60
> <directory /usr/local/apache2/htdocs/grouptest>
> AllowOverride none
> AuthType basic
> AuthName "Mysql Groups"
> AuthBasicProvider dbd
> AuthUserFile /dev/null
>
> plus any one of the above sets of directives
> </directory>
>
> * It could be that authz is working as intended - one user can only 
> belong to one group?
>
> * Apache logs set to debug just returns "user is denied access to 
> /grouptest"
> * The mysgl.logs display the prepared sql statements
> * I'm using a new build of apr-1.3.3 & apr-util-1.3.4
> * I'm using mod_authz_dbd.c & mod_authz_dbd.h found at: 
> http://people.apache.org/~niq
> * I'm using apache 2.2.11;   mysql 5.1.31;   OSX 10.5.6
>
> Thanks for your help,
> -bill
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message