From users-return-117178-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Thu Mar 22 10:26:14 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 3D4C0180676 for ; Thu, 22 Mar 2018 10:26:14 +0100 (CET) Received: (qmail 91729 invoked by uid 500); 22 Mar 2018 09:26:12 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 91719 invoked by uid 99); 22 Mar 2018 09:26:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Mar 2018 09:26:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id B2DAA1A022D for ; Thu, 22 Mar 2018 09:26:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.121 X-Spam-Level: X-Spam-Status: No, score=-0.121 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id nD7kankOqBEf for ; Thu, 22 Mar 2018 09:26:10 +0000 (UTC) Received: from mail-pl0-f52.google.com (mail-pl0-f52.google.com [209.85.160.52]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 18A495F2A9 for ; Thu, 22 Mar 2018 09:26:10 +0000 (UTC) Received: by mail-pl0-f52.google.com with SMTP id w15-v6so4918693plq.9 for ; Thu, 22 Mar 2018 02:26:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=wlaztFaRNEYH8sz4YYZJYHn4Ssm8f4wjvbpjyTyA3yY=; b=BfOB1VyB0LqsoB/q6BIU76jcfqe4glMZkNLAhE3JJFuTEm7h8f2SMAbD+5CGqjut5n pbVspNVggCFNQbB4quCmysrSHCy5jA/AxNIYmznVJ/02VuOfqHd/aw70pKbhGzHamoa6 MEgNu1FE5zyhul4zmMDpzw8im4FUSLjdBsHUpfWfZIb3/lrG+nL2tTCxUcY0OV+TMxd5 m7nvq1fKaYmI1hPZ60i7jQR66ARJecLmEZAxgiFEhyxQeWbP8+NDGXYvVFszYY3TW9Q2 mvAUMb0LJstjbzf2hiB4KGpajkWIfFpgP9J14MU18dDVImdiP9iU+PMEzo6C4dd6zHpX oPCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=wlaztFaRNEYH8sz4YYZJYHn4Ssm8f4wjvbpjyTyA3yY=; b=Ce0uwWU8SRSAJCeG9ntMMLKSYRJUv2giVfUf/gI5FV+a9DGl28WV0yH4QEtJHpGSQ5 4tHpdfOCQxC54D14oud1ik8izikjTtU3t3coKHZWsgaNE3IkRWFJG/IMu/Rgja44/kZj AUTLYx4f8WeP+t8GAAWum9EL3/UQIbVFy0q91Sl1OMecq1roAagMBqQWBeDQeceQw5Y8 u78WWbcOQVOGBDQZpU9SCLMD0kZmmyxEfZ1Wyp1psS4zHYzEAFjA01wSnYpJBtIzSqHn B73k0k80YqpYdk7hQkUueOzUTeHwQ9M2Yv2CH+065Q/UG1elIUXxb7M6OsCiz8+nv8WL xBTA== X-Gm-Message-State: AElRT7H419H6JAiQyY/7t7yONDBSq0pm1wTKJ5rRsJxVbP/+z7qIpcW6 qaPR0GcLeFWFElz488iU0UhirIjbfwOO0l8bplEflgT3 X-Google-Smtp-Source: AG47ELtoWSmECdMQeorv4HIsJg7n/K87qzSAC7pwklG0obvTHMj71HeVQnV0LhINPZs3E3lLaHM9SiaPs/QdwMmZ/to= X-Received: by 2002:a17:902:227:: with SMTP id 36-v6mr23529854plc.134.1521710762684; Thu, 22 Mar 2018 02:26:02 -0700 (PDT) MIME-Version: 1.0 Received: by 10.100.189.6 with HTTP; Thu, 22 Mar 2018 02:26:01 -0700 (PDT) From: sebb Date: Thu, 22 Mar 2018 09:26:01 +0000 Message-ID: To: users@httpd.apache.org Content-Type: text/plain; charset="UTF-8" Subject: [users@httpd] mod_authzn_ldap: combining queries to different LDAP layouts Is it possible to use two mod_authzn_ldap checks that need different settings in the same Location container? For example: AuthType Basic AuthBasicProvider ldap AuthName ... AuthLDAPurl ... AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN On Require ldap-group cn=one,... AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN Off Require ldap-group cn=two,... I have tried the above and it looks like only the last instance of AuthLDAPGroupAttribute and AuthLDAPGroupAttributeIsDN are used. The groups one and two are defined differently and need different settings if the validation is to work. The individual Require commands work if used in different sections. Is there a way to get round this? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org