I am running Apache 2.2. I have the following configuration for apache currently and it works fine. I have ldap1 and ldap2 for authentication. <AuthnProviderAlias ldap ldap1> AuthLDAPURL ldap://aphelion-server:389/ou=people,cn=AdministrativeLdap,cn=App,o=org AuthLDAPBindDN "cn=Manager" AuthLDAPBindPassword "12345" </AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2> AuthLDAPURL ldap://ADserver:3268/ DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*) AuthLDAPBindDN "CN=produser,OU=xx,DC=mycompany,DC=net" AuthLDAPBindPassword "12345" </AuthnProviderAlias> <LocationMatch /loc1/rfa(;.*)?> AuthzLDAPAuthoritative off AuthName "Test" Options -Indexes AuthType Basic AuthBasicProvider ldap1 ldap2 require valid-user </LocationMatch> The new requirement is to keep ldap1 as it is but authenticate users from a security group for ldap2. The security group is CN=App_Users,OU=All Groups,DC=mycompany,DC=net. I have tried the following config. <LocationMatch /loc1/rfa(;.*)?> AuthzLDAPAuthoritative on AuthName "Test" Options -Indexes AuthType Basic AuthBasicProvider ldap1 ldap2 AuthLDAPURL ldap://ADServer:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*) AuthLDAPBindDN "CN=produser, OU=xx,DC=mycompany,DC=net" AuthLDAPBindPassword "12345" require ldap-group CN=App_Users,OU=All Groups,DC=mycompany,DC=net AuthLDAPGroupAttributeIsDN on require ldap-dn uid=user1, ou=people,cn=AdministrativeLdap,cn=App,o=org #require valid-user </LocationMatch> This config works for ldap2 and it checks if user belongs to the security group. But I don't want to check the security group access for ldap1. I put the require ldap-dn directive but it only authorizes user user1 and I am not sure how to authorize all users from ldap1. Thanks, AL
