Mailing List Archive

alias for AuthLDAPBindDN and AuthLDAPBindPassword
Hi.

I'm trying to provide users on my site with the ability to offer pages
protected by .htaccess using the httpd mod_ldap/mod_authn_ldap modules. 
Authentication by username, and authorization by group name.

However, I can't give the users the AuthLDAPBindPassword, and I'd rather
pre-define the AuthLDAPBindDN and AuthLDAPURL as well.

From looking at the docs, it looks like I can use

<AuthnProviderAlias my-ldap>

 AuthLDAPURL ...

 AuthLDAPBindDN ...

 AuthLDAPBindPassword ...

</AuthnProviderAlias>

Now when the users uses: AuthBasicProvider my-ldap, those values get
inherited.  This is terrific.

but then for the authorization part, if I want users to be able to
authorize based on groups, and I don't want them to have to enter the
URL/BindDN/Password, then for each and every group, it appears that I
need to have a section in my apache config:

<AuthzProviderAlias ldap-group ....>

  AuthLDAPURL

  AuthLDAPBindDN

  AuthLDAPBindPassword ...

  Require ldap-group cn=mygroup,...

</AuthzProviderAlias>

Is that really true?  or am I missing something?

Is there no other way?

Jason.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org