Hi.
I'm trying to provide users on my site with the ability to offer pages
protected by .htaccess using the httpd mod_ldap/mod_authn_ldap modules.
Authentication by username, and authorization by group name.
However, I can't give the users the AuthLDAPBindPassword, and I'd rather
pre-define the AuthLDAPBindDN and AuthLDAPURL as well.
From looking at the docs, it looks like I can use
<AuthnProviderAlias my-ldap>
AuthLDAPURL ...
AuthLDAPBindDN ...
AuthLDAPBindPassword ...
</AuthnProviderAlias>
Now when the users uses: AuthBasicProvider my-ldap, those values get
inherited. This is terrific.
but then for the authorization part, if I want users to be able to
authorize based on groups, and I don't want them to have to enter the
URL/BindDN/Password, then for each and every group, it appears that I
need to have a section in my apache config:
<AuthzProviderAlias ldap-group ....>
AuthLDAPURL
AuthLDAPBindDN
AuthLDAPBindPassword ...
Require ldap-group cn=mygroup,...
</AuthzProviderAlias>
Is that really true? or am I missing something?
Is there no other way?
Jason.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
I'm trying to provide users on my site with the ability to offer pages
protected by .htaccess using the httpd mod_ldap/mod_authn_ldap modules.
Authentication by username, and authorization by group name.
However, I can't give the users the AuthLDAPBindPassword, and I'd rather
pre-define the AuthLDAPBindDN and AuthLDAPURL as well.
From looking at the docs, it looks like I can use
<AuthnProviderAlias my-ldap>
AuthLDAPURL ...
AuthLDAPBindDN ...
AuthLDAPBindPassword ...
</AuthnProviderAlias>
Now when the users uses: AuthBasicProvider my-ldap, those values get
inherited. This is terrific.
but then for the authorization part, if I want users to be able to
authorize based on groups, and I don't want them to have to enter the
URL/BindDN/Password, then for each and every group, it appears that I
need to have a section in my apache config:
<AuthzProviderAlias ldap-group ....>
AuthLDAPURL
AuthLDAPBindDN
AuthLDAPBindPassword ...
Require ldap-group cn=mygroup,...
</AuthzProviderAlias>
Is that really true? or am I missing something?
Is there no other way?
Jason.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org