httpd-users mailing list archives

From Mxrgus Pxrt
Subject Re: [users@httpd] Filter by group attribute using mod authnz_ldap
Date Wed, 14 Oct 2009 13:50:09 GMT
Marc Patermann wrote:
> Hi,
> Mxrgus Pxrt wrote:
>> Would it be possible to filter users not only by user attributes or 
>> groups but also by attributes of group using authnz_ldap?
>> Example:
>> Users:
>> cn: First Last, ou: people, dc: lol
>> cn: Second Last, ou: pople, dc: lol
>> Groups:
>> cn: lord, ou: group, dc: lol
>>  member: First Last
>>  attribute111: yes
>> Now, if attribute111 is yes, auth succeeds.
>> If not, what would be your recommendation, how to solve this task?
> Hm, if there was any group-filter setting ...
> But you have to _name_ the ldap-group anyone, don't you? So just name 
> LDAP groups here which have the attribute. :)
> If you use AuthLDAPBindDN for searching ldap by apache, you could 
> "hide" other groups than these with the attribute by ACL on the ldap 
> server.
> Marc

Both solutions that you offered are not good enough.

By defining groups one by one in ldap-group or messing around per group 
in the ACL of the LDAP server I would not gain anything; I need filtering 
by group attribute.

As I understand it, the best solutions would be:
a. create a dynamic Python program, for example, that would filter by 
using the group attribute
b. patch the current mod_authz_ldap

Variant A seems a bit less messy (future problems on updates etc. with 
variant B). Can any of you recommend something better?

The official User-To-User support forum of the Apache HTTP Server Project.
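A sketch of the check that variant A would have to perform, added here as an illustration and not code from the thread or from the Apache project. It assumes groups store full member DNs; the `serf` group, the function names and the in-memory entries are constructed, and the lowercase DN comparison is a simplification of LDAP matching rules.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot alter the structure of the search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def group_filter(user_dn, attr="attribute111", wanted="yes"):
    """Filter for groups that list user_dn as a member AND carry attr=wanted."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError("attribute name is not a valid LDAP descriptor")
    return "(&(member=%s)(%s=%s))" % (
        escape_filter_value(user_dn), attr, escape_filter_value(wanted))


def is_authorized(user_dn, groups, attr="attribute111", wanted="yes"):
    """Offline stand-in for the directory search: same condition as group_filter()."""
    for entry in groups:
        members = {m.lower() for m in entry.get("member", [])}
        values = {v.lower() for v in entry.get(attr, [])}
        if user_dn.lower() in members and wanted.lower() in values:
            return True
    return False  # fail closed: no matching group means no access


# Constructed entries modelled on the example in the post.
GROUPS = [
    {"dn": "cn=lord,ou=group,dc=lol",
     "member": ["cn=First Last,ou=people,dc=lol"], "attribute111": ["yes"]},
    {"dn": "cn=serf,ou=group,dc=lol",
     "member": ["cn=Second Last,ou=people,dc=lol"], "attribute111": ["no"]},
]

if __name__ == "__main__":
    for dn in ("cn=First Last,ou=people,dc=lol", "cn=Second Last,ou=people,dc=lol"):
        print(dn, group_filter(dn), is_authorized(dn, GROUPS))
```

In a real deployment the string from `group_filter()` would be passed to an LDAP search under the group base, and a non-empty result would mean access is granted.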