TAG <Location> and ldap_auth

TAG <Location> and ldap_auth

am 13.01.2010 15:18:07 von Bruno Galindro da Costa

--0016367657b98260a7047d0c701d
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

I need to authenticate the users of my network to distinguish
directories of SVN with ldap_auth. The method that I used is through the
tag. The following method that I use is the correct method to
prevent users that isn=B4t inside the AD group GR_INT_SVN to access the /sv=
n
location?

################ *Versions *################
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edition
mod_authnz_ldap.so: 2.2.9

**################ *httpd.conf ####################

*ServerRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so



User daemon
Group daemon



ServerAdmin admin@domain.com

DocumentRoot "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/htdocs"

Foundation/Apache2.2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all



DirectoryIndex index.html



Order allow,deny
Deny from all
Satisfy All


ErrorLog "logs/error.log"

LogLevel warn


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"=
"
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common


LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio


CustomLog "logs/access.log" common



ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/cgi-bin/"





Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all


DefaultType text/plain


TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz



SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


*
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off

AuthName Subversion

SVNPath E:\SVN\repository0
DAV svn

SVNListParentPath on
SVNPathAuthz on

AuthLDAPUrl "ldap://
domain.com/dc=3Ddomain,dc=3Dcom?samAccountName?sub?(&(object Class=3DUser)(M=
emberOf=3DCN=3DGR_INT_SVN,OU=3DInternal,OU=3DAcessos,dc=3Ddo main,dc=3Dcom))
"
AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUsers,dc=3Ddomain,dc=3D=
com"
AuthLDAPBindPassword pass

require valid-user



# Project 01

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off

AuthName Subversion_P01

AuthLDAPUrl "ldap://
domain.com/dc=3Ddomain,dc=3Dcom?samAccountName?sub?(&(object Class=3DUser)(M=
emberOf=3DCN=3DGR_INT_SVN_P01,OU=3DInternal,OU=3DAcessos,dc= 3Ddomain,dc=3Dc=
om))
"
AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUsers,dc=3Ddomain,dc=3D=
com"
AuthLDAPBindPassword pass
*


Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all


################*####################**####################*


--=20
Att.
Bruno Galindro da Costa
bruno.galindro@gmail.com

--0016367657b98260a7047d0c701d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

  =A0 I need to authenticate the users of my network to dist=
inguish directories of SVN with ldap_auth. The method that I used is throug=
h the <Location> tag. The following method that I use is the correct =
method to prevent users that isn=B4t inside the AD group GR_INT_SVN to acce=
ss the /svn location?


################ Versions ################

Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edit=
ion
mod_authnz_ldap.so: 2.2.9

################ httpd.co=
nf ####################

ServerRoot "C:/Arquivos de programa=
s/Apache Software Foundation/Apache2.2"


Listen 80

LoadModule actions_module modules/mod_actions.so
Lo=
adModule alias_module modules/mod_alias.so
LoadModule asis_module module=
s/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule authn_default_module modules/mod_authn_default.so
LoadModule =
authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_modul=
e modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod=
_authz_default.so

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadMod=
ule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_mo=
dule modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_a=
utoindex.so

LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/m=
od_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule d=
ir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so >
LoadModule include_module modules/mod_include.so
LoadModule isapi_module=
modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
Load=
Module log_config_module modules/mod_log_config.so
LoadModule mime_modul=
e modules/mod_mime.so

LoadModule negotiation_module modules/mod_negotiation.so
LoadModule sete=
nvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mo=
d_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule =
authz_svn_module modules/mod_authz_svn.so


<IfModule !mpm_netware_module>
   <IfModule !mpm_winnt_=
module>
    =A0 User daemon
    =A0 Group daemon r>   </IfModule>
</IfModule>

ServerAdmin =3D"mailto:admin@domain.com">admin@domain.com


DocumentRoot "C:/Arquivos de programas/Apache Software Foundation/=
Apache2.2/htdocs"

<Directory "C:/Arquivos de programas/=
Apache Software Foundation/Apache2.2/htdocs">
  =A0 Options =
Indexes FollowSymLinks

  =A0 AllowOverride None
  =A0 Order allow,deny
  =A0 All=
ow from all
</Directory>

<IfModule dir_module>
=A0=
   DirectoryIndex index.html
</IfModule>

<FilesMatch=
"^\.ht">

  =A0 Order allow,deny
  =A0 Deny from all
  =A0 Satisfy =
All
</FilesMatch>

ErrorLog "logs/error.log"
r>LogLevel warn

<IfModule log_config_module>
  =A0 LogF=
ormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"=
; \"%{User-Agent}i\"" combined

  =A0 LogFormat "%h %l %u %t \"%r\" %>s %b" comm=
on

  =A0 <IfModule logio_module>
    =A0 LogFor=
mat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" =
\"%{User-Agent}i\" %I %O" combinedio

  =A0 </IfModule>

  =A0 CustomLog "logs/access.lo=
g" common
</IfModule>

<IfModule alias_module> >  =A0 ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Soft=
ware Foundation/Apache2.2/cgi-bin/"

</IfModule>

<IfModule cgid_module>
</IfModule><=
br>
<Directory "C:/Arquivos de programas/Apache Software Foundat=
ion/Apache2.2/cgi-bin">
  =A0 AllowOverride None
  =
=A0 Options None

  =A0 Order allow,deny
  =A0 Allow from all
</Directory>=
;

DefaultType text/plain

<IfModule mime_module>
=A0=
   TypesConfig conf/mime.types
  =A0 AddType application/x-compr=
ess .Z
  =A0 AddType application/x-gzip .gz .tgz

</IfModule>

<IfModule ssl_module>
SSLRandomSeed start=
up builtin
SSLRandomSeed connect builtin
</IfModule>

=
<Location "/svn">
  =A0 AuthType Basic
  =A0 =
AuthBasicProvider ldap

  =A0 AuthzLDAPAuthoritative off

  =A0 AuthName Subversion r>
  =A0 SVNPath E:\SVN\repository0
  =A0 DAV svn

=A0=
   SVNListParentPath on
  =A0 SVNPathAuthz on

  =A0=
AuthLDAPUrl "ldap:// ?samAccountName?sub?(&(objectClass=3DUser)(MemberOf=3DCN =3DGR_INT_SVN,O=
U=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))">domain.com /dc=3Ddomain,dc=
=3Dcom?samAccountName?sub?(&(objectClass=3DUser)(MemberO f=3DCN=3DGR_INT=
_SVN,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))"

      =A0 AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUser=
s,dc=3Ddomain,dc=3Dcom"
      =A0 AuthLDAPBindPassword =
pass

  =A0 require valid-user

</Location>

# =
Project 01
<Location "/svn/P01">

      =A0 AuthType Basic
      =A0 AuthBasicProv=
ider ldap
      =A0 AuthzLDAPAuthoritative off

  =
    =A0 AuthName Subversion_P01
  =A0
      =
=A0 AuthLDAPUrl "ldap:// com?samAccountName?sub?(&(objectClass=3DUser)(MemberOf=3 DCN=3DGR_INT_SV=
N_P01,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))">dom ain.com/dc=3Ddo=
main,dc=3Dcom?samAccountName?sub?(&(objectClass=3DUser)( MemberOf=3DCN=
=3DGR_INT_SVN_P01,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc= 3Dcom))&quo=
t;

      =A0 AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUser=
s,dc=3Ddomain,dc=3Dcom"
      =A0 AuthLDAPBindPassword =
pass
</location>

<Directory />
  =A0 Optio=
ns FollowSymLinks
  =A0 AllowOverride None

  =A0 Order deny,allow
  =A0 Allow from all
</Directory>=
;

########################################################=



--
Att.
Bruno Galindro da Costa
:bruno.galindro@gmail.com">bruno.galindro@gmail.com



--0016367657b98260a7047d0c701d--