httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: [users@httpd] group authorization via LDAP
Date Fri, 02 Oct 2009 19:37:36 GMT
> AuthLDAPGroupAttribute memberOf
> require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
> My LDAP entry (using the URL above) looks like this:
> dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
>               objectClass: top
>                            person
>                            organizationalPerson
>                            user
>                        cn: trice
> <you don't care what my address, mailbox number, etc. is so ... snip>
>                  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> Groups,DC=dev,DC=company,DC=com
>                            CN=admins,OU=Standard,OU=Company
> Groups,DC=dev,DC= company,DC=com
>                department: 8675309
>                   company: Company, Inc.

Your config looks for entries like this in ldap:

cn: =mygroup,OU=Grou....
  memberOf: trice
  memberOf: bob

Your LDAP setup should use require ldap-filter to find a memberOf
under the _user_ that signifies membership in a group, or find how the
groups entry lists users (not memberOf, but something like member or
uniqueMember).  ldap-filter starts at the user and looks for stuff,
ldap-group starts at the group and looks for an entry listing your

Eric Covener

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message