httpd-users mailing list archives

From Mxrgus Pxrt <mar...@tione.eu>
Subject Re: [users@httpd] Filter by group attribute using mod authnz_ldap
Date Wed, 14 Oct 2009 13:50:09 GMT
Marc Patermann wrote:
> Hi,
>
> Mxrgus Pxrt wrote:
>
>> Would it be possible to filter users not only by user attributes or 
>> groups but also by attributes of group using authnz_ldap?
>>
>> Example:
>>
>> Users:
>> cn: First Last, ou: people, dc: lol
>> cn: Second Last, ou: pople, dc: lol
>>
>> Groups:
>> cn: lord, ou: group, dc: lol
>>  member: First Last
>>  attribute111: yes
>>
>> Now, if attribute111 is yes, auth succeeds.
>>
>>
>> If not, what would be your recommendation, how to solve this task?
> Hm, if there was any group-filter setting ...
> But you have to _name_ the ldap-group anyway, don't you? So just name 
> LDAP groups here which have the attribute. :)
>
> If you use AuthLDAPBindDN for searching ldap by apache, you could 
> "hide" other groups than these with the attribute by ACL on the ldap 
> server.
>
>
>
> Marc

Both solutions that you offered are not good enough.

By defining groups one by one in ldap-group or messing around per group 
in the ACL of the LDAP server I would not gain anything; I need filtering by 
group attribute.

As I understand it, the best solutions would be:
a. http://code.google.com/p/mod-auth-external/ - create a dynamic Python 
program, for example, that would filter using the group attribute
b. patch the current mod_authz_ldap

Variant A seems a bit less messy (future problems on updates etc. with 
variant B). Can any of you recommend something better?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
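
Added example, not part of the original thread and not code from mod-auth-external or httpd: the decision logic that the external program in variant A would need, shown in Python. It builds the filter for a second search (groups that list the user as member and carry attribute111=yes) with RFC 4515 escaping so a user-supplied DN cannot change the filter structure. Assumptions: all function names are hypothetical, the directory search is replaced by an in-memory match over constructed entries, DN comparison is simplified to a case-insensitive string match, and the cn=serf group is invented for contrast.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(user_dn, attr="attribute111", wanted="yes"):
    """Filter for the second search: groups listing user_dn that carry attr=wanted."""
    if not _ATTR_NAME.match(attr):
        raise ValueError("invalid attribute name: %r" % attr)
    return "(&(member=%s)(%s=%s))" % (
        escape_filter_value(user_dn), attr, escape_filter_value(wanted))


def is_authorized(user_dn, groups, attr="attribute111", wanted="yes"):
    """In-memory stand-in for running that filter against the directory."""
    for entry in groups:
        members = {m.lower() for m in entry.get("member", [])}
        values = {v.lower() for v in entry.get(attr, [])}
        if user_dn.lower() in members and wanted.lower() in values:
            return True
    return False  # fail closed: no matching group means access denied


# Constructed sample entries, modelled on the example in the message.
GROUPS = [
    {"dn": "cn=lord,ou=group,dc=lol",
     "member": ["cn=First Last,ou=people,dc=lol"],
     "attribute111": ["yes"]},
    {"dn": "cn=serf,ou=group,dc=lol",   # hypothetical group without the attribute
     "member": ["cn=Second Last,ou=people,dc=lol"]},
]

if __name__ == "__main__":
    for dn in ("cn=First Last,ou=people,dc=lol", "cn=Second Last,ou=people,dc=lol"):
        print(dn, build_group_filter(dn), is_authorized(dn, GROUPS))
```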

