Authorize users from two ldaps
on 05.02.2010 19:32:15 by Al Sarraf
I am running Apache 2.2. I have the following configuration for apache currently and it works fine. I have ldap1 and ldap2 for authentication.

<AuthnProviderAlias ldap ldap1>
    AuthLDAPURL ldap://aphelion-server:389/ou=people,cn=AdministrativeLdap,cn=App,o=org
    AuthLDAPBindDN "cn=Manager"
    AuthLDAPBindPassword "12345"
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap2>
    AuthLDAPURL ldap://ADserver:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN "CN=produser,OU=xx,DC=mycompany,DC=net"
    AuthLDAPBindPassword "12345"
</AuthnProviderAlias>

<LocationMatch /loc1/rfa(;.*)?>
    AuthzLDAPAuthoritative off
    AuthName "Test"
    Options -Indexes
    AuthType Basic
    AuthBasicProvider ldap1 ldap2
    require valid-user
</LocationMatch>

The new requirement is to keep ldap1 as it is but authenticate users from a security group for ldap2. The security group is CN=App_Users,OU=All Groups,DC=mycompany,DC=net.

I have tried the following config.

<LocationMatch /loc1/rfa(;.*)?>
    AuthzLDAPAuthoritative on
    AuthName "Test"
    Options -Indexes
    AuthType Basic
    AuthBasicProvider ldap1 ldap2
    AuthLDAPURL ldap://ADServer:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
    AuthLDAPBindDN "CN=produser, OU=xx,DC=mycompany,DC=net"
    AuthLDAPBindPassword "12345"
    require ldap-group CN=App_Users,OU=All Groups,DC=mycompany,DC=net
    AuthLDAPGroupAttributeIsDN on
    require ldap-dn uid=user1, ou=people,cn=AdministrativeLdap,cn=App,o=org
    #require valid-user
</LocationMatch>

This config works for ldap2 and it checks if user belongs to the security group. But I don't want to check the security group access for ldap1. I put the require ldap-dn directive but it only authorizes user user1 and I am not sure how to authorize all users from ldap1.

Thanks,
AL
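
The access rule the post is after (any entry under the ldap1 people branch, or a member of App_Users in ldap2), written out as decision logic. This is an added example, not part of the original post and not how mod_authnz_ldap is implemented; the DN parsing is simplified, and the group member DN and rule names are constructed for illustration.

```python
# Added example: models the access rule from the post; not Apache's own logic.
LDAP1_BASE = "ou=people,cn=AdministrativeLdap,cn=App,o=org"     # from the post
LDAP2_GROUP = "CN=App_Users,OU=All Groups,DC=mycompany,DC=net"  # from the post
# Constructed sample data: this member DN is invented for the example.
GROUPS = {LDAP2_GROUP: ["CN=Jane Doe,OU=xx,DC=mycompany,DC=net"]}


def split_dn(dn):
    """Return normalized (attr, value) RDN pairs. Simplified: case-insensitive,
    whitespace collapsed, escaped commas kept, multi-valued RDNs not handled."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = ch == "\\" and not escaped
        else:
            parts.append("".join(cur))
            cur = []
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        attr, value = attr.strip().lower(), " ".join(value.split()).lower()
        if not attr or not value:
            raise ValueError("malformed DN: %r" % dn)
        rdns.append((attr, value))
    return rdns


def is_under(dn, base):
    """Subtree test: dn lies below base (an exact-DN rule matches one entry only)."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b


def authorize(user_dn, groups):
    """Return the rule that admits user_dn, or None; malformed DNs are denied."""
    try:
        if is_under(user_dn, LDAP1_BASE):
            return "ldap1-any-user"
        if any(split_dn(user_dn) == split_dn(m) for m in groups.get(LDAP2_GROUP, [])):
            return "ldap2-group"
    except ValueError:
        pass
    return None


if __name__ == "__main__":
    print(authorize("uid=user2,ou=people,cn=AdministrativeLdap,cn=App,o=org", GROUPS))
```

Comparing parsed RDNs rather than raw strings keeps a DN whose first RDN value contains an escaped comma from being mistaken for an entry under the people branch.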