httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.Lance Wilkinson" <jl...@psu.edu>
Subject Re: [users@httpd] Dynamic selection of mod_authnz_ldap's 'require ldap-group' object?
Date Fri, 24 Feb 2012 13:29:12 GMT
I'd said:
 >
 >     I'm presuming that there's some way, using a mod_rewrite rule, to
 >     extract the desired information from the URI and stash it, say, in
 >     an environment variable.  The task then is to somehow use that
 >     extracted value to impose the appropriate restrictions in the
 >     require directive.  Thus, website authors create a directory path
 >     ..../restricted/THIS.LDAP.__GROUP/content.that.is
 >     <http://content.that.is>.__restricted.html and the required group
 >     would automatically be cn=THIS.LDAP.GROUP for that directory and below.

Igor Cicimov wrote:
> Have a look at SetEnvIf and mod_rewrite where you can set enviroment 
> variable based on something in the headers, uri and/or request string. 
> Not sure if yo can use that var inside mod_authz_ldap though.

	And there's the rub -- as I'd already guessed, you're confirming
	there is a way to extract the desired value for a group name or filter
	specification from the presented URI.

	The issue remains whether I can USE that value in the REQUIRE directive
	effective while satisfying the request implied by that presented URI
	without somehow enhancing the functionality of the REQUIRE directive
	and the extention that mod_authnz_ldap (or maybe it's util_ldap or
	some other module?) provides when is adds ldap-group and ldap-filter
	as potential objects to the directive.

-- 
J.Lance Wilkinson ("Lance")		InterNet: Lance.Wilkinson@psu.edu
Systems Design Specialist - Lead	Phone: (814) 865-4870
Digital Library Technologies		FAX:   (814) 863-3560
E3 Paterno Library
Penn State University
University Park, PA 16802

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message