httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otis Dewitt - NOAA Affiliate <otis.dew...@noaa.gov>
Subject Re: [users@httpd] Access controls
Date Mon, 16 Dec 2013 09:02:19 GMT
What do you mean?

* "Since our requirement is to control access based on a path.*"

<Location /example1>
        AuthType basic
        AuthName "Example 1 use your LDAP login."
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://
example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))
"
        AuthBasicProvider ldap
                Require user bob.stanton
        SetOutputFilter DEFLATE
</Location>

<Location /example2>
        AuthType basic
        AuthName "Example 2 use your LDAP login."
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://
example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))
"
        AuthBasicProvider ldap
            Require user tom.scott
        SetOutputFilter DEFLATE
</Location>

This works perfect for me.

Thanks,
Otis


On Sun, Dec 15, 2013 at 11:19 AM, Ramesh Nadupalli <
nadupalliramesh@gmail.com> wrote:

> I use Directory. This is how my config file look like....
>
> <Directory />
>         AuthType Basic
>         AuthName "Enter your ID"
>         AuthBasicProvider ldap
>         AuthBasicAuthoritative off
>         AuthLDAPUrl
> ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*)
> NONE
>         AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
>         AuthLDAPBindPassword xxxxxxxxx
>         Require valid-user
> </Directory>
>
> On Sun, Dec 15, 2013 at 9:12 PM, Eric Covener <covener@gmail.com> wrote:
> > On Sun, Dec 15, 2013 at 9:54 AM, Ramesh Nadupalli
> > <nadupalliramesh@gmail.com> wrote:
> >> Thanks Eric for your response. I have tried below options,
> >>
> >>         Require valid-user (when I pass valid-user, it authenticates
> >> and allows everyone in the LDAP filter to access the webserver)
> >>         Require user usera userb userc (It allows only these users)
> >>
> >> Since our requirement is to control access based on a path, I am not
> >> sure what else can be used to read an access file.
> >
> > Enclose the directives in  <Location> or <Directory>?
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message