Re: [users@httpd] Apache, LDAP AUTH and directory access

Mon, 11 Jul 2005 06:53:46 -0700


Hello,

You might have to create containers for each user. e.g.: (Notice "require saqib" instead of "require valid-user"

<Directory /ftp/private/gael>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    require gael
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>

<Directory /ftp/private/saqib>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    require saqib
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>
... etc

Covalent < http://www.covalent.com >  provides mod_ftp < http://www.covalent.net/webinar/mod_ftp-Webinar.ppt > which does exactly what you are trying to do. And they make administration extremely easy through the use of a GUI. Take a look at that as well.

Thanks.
Saqib Ali
http://www.xml-dev.com/blog/


"Gael Mauleon" <[EMAIL PROTECTED]>
No Phone Info Available

07/11/2005 05:39 AM

Please respond to
users@httpd.apache.org
To
<users@httpd.apache.org>
cc
Subject
[EMAIL PROTECTED] Apache, LDAP AUTH and directory access





Subject: LDAP Auth and Users Directory
From: Gael Mauleon <[EMAIL PROTECTED]>
Newsgroups: comp.infosystems.www.servers.unix
 
Hi,
 
I have a few problems with the way I can use the LDAP auhtentification.
 
I want my users to view their directory with a basic authentification via
LDAP, and I don't want to modify my config file with every users I add.
 
Here is what I used for the test ->
 
 
UserDir /ftp/private
<Directory /ftp/private/*>
    Options MultiViews Indexes
    AuthType Basic
    AuthName "Private Zone"
    AuthLDAPUrl ldap://127.0.0.1:389/ou=users,ou=ftp,dc=test?uid?sub?
    AuthLDAPBindDN uid=avaliduidtologin,dc=test
    AuthLDAPBindPassword secret
    require valid-user
    <Limit GET POST>
            Order Deny,Allow
            Allow from All
    </Limit>
</Directory>
 
 
This is working quite well but unfortunatly with that, everyone can
authenticate into every directory, (bob can view with his login/pass the
directory of john).
 
So my question is :
 
Can I use some variable (contening requested directory for exemple) as a
filter to my ldap search or in the Allow directive so a user can log only
to his directory ??
 
Or perhaps (apart the .htaccess file), another solution exists ?
 
 
Thanks in advance.
Gael.
 
 
 

Reply via email to