httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug White <bumpwh...@yahoo.com>
Subject [users@httpd] Help in authenitcating across multiple LDAPs
Date Fri, 04 Sep 2009 15:45:42 GMT
The problem I'm having is authenticating using groups to authorize access.  

I'm using LoadModule authn_alias_module modules/mod_authn_alias.so as to identify multiple
authentication providers.  The below works fine when Require valid-user is used instead of
ldap-group.  You might note I'm using svn but I'm simply hitting the Apache Server with a
browser.  I haven't found an example where authorization is group.  Found pelenty of examples
where Require valid-user which, of course, is of no value to me.

Please someone repond to this despirate post.

<AuthnProviderAlias ldap ldap-01>
    AuthLDAPBindDN "CN=ldapuser,OU=StandardUsers,OU=My Company,OU=Users,OU=EIT Central,DC=ad,DC=mycompany,DC=com"
    AuthLDAPBindPassword mypassword
    AuthLDAPURL ldap://ldap.ad.mycompany.com:389/DC=ad,DC=mycompany,DC=com?sAMAccountName?sub
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-02>
    AuthLDAPBindDN "CN=ldapuser,OU=StandardUsers,OU=My Company,OU=Users,OU=EIT Central,DC=ad,DC=mycompany,DC=com"
    AuthLDAPBindPassword mypassword
    AuthLDAPURL ldap://ldap.other.mycompany.com:389/DC=other,DC=mycompany,DC=com?sAMAccountName?sub
</AuthnProviderAlias>

# Location for the Subversion repository
<Location /repository>
    DAV svn
    SVNPath c:/svn_repository
    #
    Order deny,allow
    Allow from all

    AuthBasicProvider ldap-01 ldap-02
    AuthType Basic
    AuthName 'Subversion Repository'
    AuthzLDAPAuthoritative off
    Require ldap-group CN=G-MyGroup,OU=Groups,OU=LAN Services,DC=ad,DC=mycompany,DC=com
    SVNAutoversioning on
    ModMimeUsePathInfo on
</Location>

Mime
View raw message