Re: [users@httpd] Apache 2.2.4 / Auth LDAP / OpenLDAP 2.3.35 User authentication

Tue, 10 Jul 2007 07:22:23 -0700 

Tony Stevenson schrieb:

Try this one:
http://wiki.apache.org/httpd/UseLDAPToPasswordProtectAFolder


Nice suggestion noodl  :)


  

I had a look at the wiki and I've decied to test this without
DAV first.

Any noodle, yes, I had a file based authentication for the DAV
container that was working perfectly. I just changed the auth
part to LDAP.

AuthType Basic
AuthzLDAPAuthoritative Off
AuthBasicProvider ldap
AuthName "DOMAIN DAV Upload"
AuthLDAPBindDN "cn=Manager,dc=domain,dc=org"
AuthLDAPBindPassword "mysecretpassword"
AuthLDAPURL
ldap://127.0.0.1:389/ou=DAV,dc=global,dc=domain,dc=org?cn?sub?(objectCla
ss=person)

Require ldap-user U000001


</Limit>
</Directory>

      


One thing you can try quickly is below, i.e. add the quotes around the CN
you want to require.

Require ldap-user "U000001"

  

I'm going to test that right away.

I don't often restrict based on user accounts, more often based on group
membership, allows for extensibility without needing a restart of Apache.

If you would rather use groups, here is what I typically use:

 AuthType Basic
 AuthName "**AUTH REALM NAME HERE**"
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPGroupAttributeIsDN off
 AuthLDAPGroupAttribute memberUid
 AuthLDAPBindDN          cn=ldapusertobindas,dc=example,dc=com
 AuthLDAPBindPassword    bindpassword
 AuthLDAPURL ldap://localhost/dc=pc-tony,dc=com?uid
 require ldap-group cn=ldapgroup1,ou=groups,dc=example,dc=com


hth


  

Yeah, I've seen a lot of examples based on group authentication,
which I can't use since no user should see the uploaded files
of any other user and may not have access to it. Hence the setup

http://host.domain.com/U000001 ... /U000002 and so forth.

If there is a more elegant way to accomplish this with rewrites
or userdir, please let me know ;)


Cheers,
Tony

  

Thanks for the tips, I will rewrite my httpd.conf to auth
just the docroot with LDAP.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to