httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject [users@httpd] mod_authzn_ldap: combining queries to different LDAP layouts
Date Thu, 22 Mar 2018 09:26:01 GMT
Is it possible to use two mod_authzn_ldap checks that need different
settings in the same Location container?

For example:

<Location ...>
<RequireAny>
  AuthType Basic
  AuthBasicProvider ldap
  AuthName ...
  AuthLDAPurl ...
  <RequireAll>
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN On
    Require ldap-group cn=one,...
  </RequireAll>
  <RequireAll>
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN Off
    Require ldap-group cn=two,...
  </RequireAll>
</RequireAny>
</Location>

I have tried the above and it looks like only the last instance of
AuthLDAPGroupAttribute and AuthLDAPGroupAttributeIsDN are used.

The groups one and two are defined differently and need different
settings if the validation is to work.
The individual Require commands work if used in different <Location> sections.

Is there a way to get round this?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message