http://www.apache-httpd.com/
http://www.apache-httpd.com/
I am running Apache 2.2. I have the following configuration for
apache currently and it works fine. I have ldap1 and ldap2 for authentication.
<AuthnProviderAlias ldap ldap1>
AuthLDAPURL ldap://aphelion-server:389/ou=people,cn=AdministrativeLdap,cn=App,o=org
AuthLDAPBindDN "cn=Manager"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
AuthLDAPURL ldap://ADserver:3268/ DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser,OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative off
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
require valid-user
</LocationMatch>
The new requirement is to keep ldap1 as it is but
authenticate users from a security group for ldap2. The security group is CN=App_Users,OU=All
Groups,DC=mycompany,DC=net.
I have tried the following config.
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative on
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
AuthLDAPURL ldap://ADServer:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser, OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
require ldap-group CN=App_Users,OU=All Groups,DC=mycompany,DC=net
AuthLDAPGroupAttributeIsDN on
require ldap-dn uid=user1, ou=people,cn=AdministrativeLdap,cn=App,o=org
#require valid-user
</LocationMatch>
This config works for ldap2 and it checks if user belongs to
the security group. But I don’t want to check the security group access
for ldap1. I put the require ldap-dn directive but it only authorizes user
user1 and I am not sure how to authorize all users from ldap1.
Thanks,
AL