httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] How do I require more than one Require ldap-* directive match?
Date Tue, 06 Apr 2010 19:57:22 GMT
On Tue, Apr 6, 2010 at 1:50 PM, Thomas, Peter <pthomas@hpti.com> wrote:
> I've looked at the mod_authnz_ldap code and the documentation.  "Out of the
> box" it sems like there's no way to turn the "OR" behavior of Require ldap-*
> lines into "AND."  I've been trying as hard as I can to avoid creating not
> only a new provider type but also a new provider. Unfortunately, the more I
> dig into mod_authnz_ldap the more it seems like it's not quite what I need.
> Is there a "right" way to do this?  One thought is creating a hook that
> "fakes out" check_user_access by dynamically updating the array of requires
> to "present" one ldap-* require line at a time, then aggregating the results
> into a single return value.
>
> I've seen some pretty subtle tricks from all of you--I'm hoping that someone
> out there has a better option than building up a new provider.
>

This comes for free in trunk. I'd review a 2.2.x  patch that just
changed the way the loop operates to respect an "AND" flag -- my guess
is that it is not very hard but I am too swamped to play with it

The caveat for the doc would would be that it only made sense in an
all ldap-* configuration.

This AND behavior for LDAP authz is frequently requested.


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message