httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Nadupalli <nadupalliram...@gmail.com>
Subject Re: [users@httpd] Access controls
Date Mon, 16 Dec 2013 10:06:46 GMT
Also thank you for your suggestion on having multiple locations in the
config, I'll give it a shot.Is it possible to have some sort of an
accessfile to control the access for users?

On Mon, Dec 16, 2013 at 3:32 PM, Ramesh Nadupalli
<nadupalliramesh@gmail.com> wrote:
> sorry if I haven't made my requirement clear, Here is what I am
> looking for...I was trying to achieve the below functionality,
>
> http://myurl.com/sitea -> user1
> http://myurl.com/siteb -> user1 &user2.
> http://myurl.com/sitec -> user3.
> http://myurl.com/sited -> user1, user2 and user3.
>
> Using the require is allowing everyone in the LDAP, which we don't
> want it. Hope its clear now?
>
> Thanks
> Ramesh
>
> On Mon, Dec 16, 2013 at 2:32 PM, Otis Dewitt - NOAA Affiliate
> <otis.dewitt@noaa.gov> wrote:
>> What do you mean?
>>
>> "Since our requirement is to control access based on a path."
>>
>> <Location /example1>
>>         AuthType basic
>>         AuthName "Example 1 use your LDAP login."
>>         AuthBasicProvider ldap
>>         AuthLDAPURL
>> "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
>>         AuthBasicProvider ldap
>>                 Require user bob.stanton
>>         SetOutputFilter DEFLATE
>> </Location>
>>
>> <Location /example2>
>>         AuthType basic
>>         AuthName "Example 2 use your LDAP login."
>>         AuthBasicProvider ldap
>>         AuthLDAPURL
>> "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
>>         AuthBasicProvider ldap
>>             Require user tom.scott
>>         SetOutputFilter DEFLATE
>> </Location>
>>
>> This works perfect for me.
>>
>> Thanks,
>> Otis
>>
>>
>> On Sun, Dec 15, 2013 at 11:19 AM, Ramesh Nadupalli
>> <nadupalliramesh@gmail.com> wrote:
>>>
>>> I use Directory. This is how my config file look like....
>>>
>>> <Directory />
>>>         AuthType Basic
>>>         AuthName "Enter your ID"
>>>         AuthBasicProvider ldap
>>>         AuthBasicAuthoritative off
>>>         AuthLDAPUrl
>>> ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*)
>>> NONE
>>>         AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
>>>         AuthLDAPBindPassword xxxxxxxxx
>>>         Require valid-user
>>> </Directory>
>>>
>>> On Sun, Dec 15, 2013 at 9:12 PM, Eric Covener <covener@gmail.com> wrote:
>>> > On Sun, Dec 15, 2013 at 9:54 AM, Ramesh Nadupalli
>>> > <nadupalliramesh@gmail.com> wrote:
>>> >> Thanks Eric for your response. I have tried below options,
>>> >>
>>> >>         Require valid-user (when I pass valid-user, it authenticates
>>> >> and allows everyone in the LDAP filter to access the webserver)
>>> >>         Require user usera userb userc (It allows only these users)
>>> >>
>>> >> Since our requirement is to control access based on a path, I am not
>>> >> sure what else can be used to read an access file.
>>> >
>>> > Enclose the directives in  <Location> or <Directory>?
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> > For additional commands, e-mail: users-help@httpd.apache.org
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message