Authentication for LDAP user or htgroup member
on 22.09.2009 16:52:47 by Maarten te Paske
Hi,
I'm building a website that should authenticate to an LDAP server which
is not maintained by myself. Authentication requires an 'ldap-attribute'
to limit the amount of users that can log in. In addition to that, I'd
like to create groups that consist of LDAP users defined in a
htgroup-file.
My configuration looks like this:
AuthName "LDAP authentication"
AuthType Basic
AuthBasicProvider ldap file
AuthLDAPURL ldaps://xxxx.xx.xx/o=uu?uuShortId
Require ldap-attribute foo="bar"
AuthzLDAPAuthoritative off

AuthGroupFile /tmp/htgroup
AuthzGroupFileAuthoritative on

Require valid-user
Require group wOOt
Satisfy Any
(I obfuscated the path to the docroot, the ldap server address, the
ldap-attribute and the group defined in /tmp/htgroup).
My personal LDAP account does not contain the "foo=bar" attribute, but
it is part of group "wOOt" (defined in /tmp/htgroup).
Both authentication models work as I use them as the only method, but
when I add two methods and "Satisfy Any" I'm not asked for authentication.
I think my problem may be similar to this posting:
http://mail-archives.apache.org/mod_mbox/httpd-users/200901.mbox/%3c497883CF0200001B0005C01F@wisegate.weizmann.ac.il%3e
Unfortunately that posting doesn't have a definitive solution.
Any ideas are welcome!
--
Kind regards,
Maarten te Paske
Systeemgroep Wijsbegeerte