httpd-users mailing list archives

From Otis DeWitt <otis.dew...@noaa.gov>
Subject Re: [users@httpd] Access controls
Date Mon, 16 Dec 2013 14:14:14 GMT
The example I gave you does just that: it does not allow everyone in LDAP access. It uses LDAP
as the source but only allows the required user, such as bob.stanton or tom.scott or whoever
else exists in the require user, grabbing them from LDAP.

Try it first.

Thanks,
Otis

> On Dec 16, 2013, at 5:02 AM, Ramesh Nadupalli <nadupalliramesh@gmail.com> wrote:
> 
> Sorry if I haven't made my requirement clear. Here is what I am
> looking for... I was trying to achieve the below functionality:
> 
> http://myurl.com/sitea -> user1
> http://myurl.com/siteb -> user1 & user2.
> http://myurl.com/sitec -> user3.
> http://myurl.com/sited -> user1, user2 and user3.
> 
> Using the require is allowing everyone in the LDAP, which we don't
> want. Hope it's clear now?
> 
> Thanks
> Ramesh
> 
> On Mon, Dec 16, 2013 at 2:32 PM, Otis Dewitt - NOAA Affiliate
> <otis.dewitt@noaa.gov> wrote:
>> What do you mean?
>> 
>> "Since our requirement is to control access based on a path."
>> 
>> <Location /example1>
>>        AuthType basic
>>        AuthName "Example 1 use your LDAP login."
>>        AuthBasicProvider ldap
>>        AuthLDAPURL "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
>>        AuthBasicProvider ldap
>>        Require user bob.stanton
>>        SetOutputFilter DEFLATE
>> </Location>
>> 
>> <Location /example2>
>>        AuthType basic
>>        AuthName "Example 2 use your LDAP login."
>>        AuthBasicProvider ldap
>>        AuthLDAPURL "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
>>        AuthBasicProvider ldap
>>        Require user tom.scott
>>        SetOutputFilter DEFLATE
>> </Location>
>> 
>> This works perfect for me.
>> 
>> Thanks,
>> Otis
>> 
>> 
>> On Sun, Dec 15, 2013 at 11:19 AM, Ramesh Nadupalli
>> <nadupalliramesh@gmail.com> wrote:
>>> 
>>> I use Directory. This is how my config file looks...
>>> 
>>> <Directory />
>>>        AuthType Basic
>>>        AuthName "Enter your ID"
>>>        AuthBasicProvider ldap
>>>        AuthBasicAuthoritative off
>>>        AuthLDAPUrl ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*) NONE
>>>        AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
>>>        AuthLDAPBindPassword xxxxxxxxx
>>>        Require valid-user
>>> </Directory>
>>> 
>>>> On Sun, Dec 15, 2013 at 9:12 PM, Eric Covener <covener@gmail.com> wrote:
>>>> On Sun, Dec 15, 2013 at 9:54 AM, Ramesh Nadupalli
>>>> <nadupalliramesh@gmail.com> wrote:
>>>>> Thanks Eric for your response. I have tried below options,
>>>>> 
>>>>>        Require valid-user (when I pass valid-user, it authenticates
>>>>> and allows everyone in the LDAP filter to access the webserver)
>>>>>        Require user usera userb userc (It allows only these users)
>>>>> 
>>>>> Since our requirement is to control access based on a path, I am not
>>>>> sure what else can be used to read an access file.
>>>> 
>>>> Enclose the directives in  <Location> or <Directory>?
>>>> 
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
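
The per-path mapping requested in the thread (sitea through sited), written out as an added example that is not part of any message above. It keeps the quoted `<Directory />` block as the site-wide default and adds one `<Location>` per path. The LDAP URL, bind DN and password are the placeholders from that block, and user1 to user3 are the names from the stated requirement.

```apache
# Added example, not configuration posted in the thread.
# Placeholders (url, xxx, xxxxxxxxx) are copied from the quoted <Directory /> block.

# Shared authentication settings. With only this block in place, any account
# matched by the LDAP filter can reach every path: the behaviour the thread
# wants to avoid.
<Directory />
    AuthType Basic
    AuthName "Enter your ID"
    AuthBasicProvider ldap
    AuthLDAPUrl "ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
    AuthLDAPBindPassword xxxxxxxxx
    Require valid-user
</Directory>

# <Location> sections are merged after <Directory> sections, so the Require
# in each section below replaces "Require valid-user" for that path while the
# Auth* settings above are inherited. Users still authenticate against LDAP;
# only the listed names are then authorized.

<Location /sitea>
    Require user user1
</Location>

<Location /siteb>
    # Several names on one line: a match on any one of them is enough.
    Require user user1 user2
</Location>

<Location /sitec>
    Require user user3
</Location>

<Location /sited>
    Require user user1 user2 user3
</Location>
```

Paths outside these four sections still fall under `Require valid-user`; replace that line with `Require all denied` (2.4) if everything else should be closed. Run `apachectl configtest` after editing and confirm with a request per path as a user who should be refused.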