httpd-users mailing list archives

From Nico De Ranter <n...@sonycom.com>
Subject Re: [users@httpd] Requiring authentication for the whole server
Date Wed, 12 Aug 2009 14:47:11 GMT
To answer my own questions partially:

- yes it's possible to turn on authentication for the whole server by
creating a <Location "/"> section and putting the Auth... statements in
there.  Unfortunately I'm unable to require different types of
authentication in different parts of the site. If I put 'require
valid-user' in '<Location "/">' all valid users can access all parts of
the site even if I put an extra 'require group...' statement in a
specific section. This is clearly not what I want :-(

- the fact that Firefox asks for the password multiple times when
started with multiple pages open appears to be a Firefox issue
indeed

Nico

On Wed, 2009-08-12 at 13:42 +0200, Nico De Ranter wrote:
> Hi,
> 
> I have an internal Apache 2.2 server that serves a number of
> applications (trac, subversion, twiki, ...).  Every application on the
> webserver requires LDAP authentication.  To do this I added
> 'AuthLDAP...' sections to each '<Location>' section in the Apache config
> files.  Unfortunately this means: 
>   1. my LDAP configuration is scattered all over the config files; 
>   2. when I start Firefox it asks me for a username and password for every
> page I had open from the same server (not sure whether this is actually
> a Firefox issue or due to the separate authentication section per web
> app).
> 
> I'd like to change the config of the apache server so it requires a
> valid LDAP authentication for any page you try to use on the server and
> then only add group restrictions per specific web app.  The idea is that
> I have:
> 
> 	AuthzLDAPAuthoritative off
>         AuthBasicProvider ldap
>         AuthName "Web app server"
>         AuthType Basic
>         AuthLDAPBindDN ...
>         AuthLDAPBindPassword xxxxxxxxxxx
>         AuthLDAPURL "ldaps://ad.mydomain.com:636/ou..."
> 
>         Require valid-user
> 
> only once in 1 central place and then add:
> 
> 	Require ldap-group ....
> 
> for every section.
> 
> The question is:
>   1. will this work?
>   2. where do I put the AuthLDAP... section?
> I figure if I put the AuthLDAP... section in my <Directory
> "/www/htdocs"> section (=root of the webserver) it will only protect the
> static pages in the htdocs directory (e.g. https://server/index.html)
> but it will not protect the web apps (e.g. https://server/trac/mytrac)
> which are actually coming from completely different parts of the
> filesystem, right?
> 
> 
> I hope this makes sense to anybody :-)
> 
> 
> Thanks in advance,
> 
> Nico
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
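
Added example, not part of the original messages and not the poster's configuration: Apache 2.2 merges `<Location>` sections after all `<Directory>` sections, in the order they appear in the config, and a `Require` in a later-merged section replaces the inherited one, so placement decides whether a per-application group restriction survives a server-wide `Require valid-user`. The bind DN, LDAP URL, group DN, `/trac` path and filesystem path below are constructed placeholders, and mod_authnz_ldap and mod_authz_user are assumed to be loaded.

```apache
# Added example for Apache 2.2 syntax. All DNs, URLs and paths are
# constructed placeholders, not values from the thread.

# Central authentication, stated once for every URL on the server.
<Location "/">
    AuthType Basic
    AuthName "Web app server"
    AuthBasicProvider ldap
    # "off" lets mod_authz_user evaluate "valid-user" (as in the thread).
    AuthzLDAPAuthoritative off
    AuthLDAPBindDN "cn=apache-bind,ou=service,dc=example,dc=com"
    AuthLDAPBindPassword "PLACEHOLDER"
    AuthLDAPURL "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com?uid"
    Require valid-user
</Location>

# Per-application restriction. This section appears AFTER <Location "/">,
# so it is merged later and its Require replaces "valid-user" for /trac.
# The Auth* settings above are still inherited.
<Location "/trac">
    Require ldap-group cn=trac-users,ou=groups,dc=example,dc=com
</Location>

# Layouts in which the group restriction is silently lost, because
# <Location "/"> is merged last and its "Require valid-user" wins:
#
#   1. The restriction sits in a <Directory> section (always merged
#      before any <Location>):
#
#        <Directory "/srv/trac/htdocs">
#            Require ldap-group cn=trac-users,ou=groups,dc=example,dc=com
#        </Directory>
#
#   2. <Location "/trac"> is written (or Included) before <Location "/">.
#
# In both cases every authenticated user can reach the application.
```

After a reload, a request to `/trac` with the credentials of a valid user who is not in the group should be refused rather than served; if it succeeds, check the order in which the sections (including any `Include`d files) are read.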
