>>
>> This doesn't seem to work. I know your thinking - "why not just use
>> groups"? Ans: Simply because we don't want to have to maintain groups for
>> our many clients. We would like to rely on the client user's presence in
>> the OU (and allow our service accounts and support personnel at th
On Mon, Oct 26, 2009 at 5:43 PM, Brian Banaszynski
wrote:
>
> This doesn’t seem to work. I know your thinking – “why not just use
> groups”? Ans: Simply because we don’t want to have to maintain groups for
> our many clients. We would like to rely on the client user’s presence in
> the OU (and
We are trying to allow Apache to authenticate users to a certain site based on
being in one of 3 OU designations in AD.
3. A specific client OU (Client ABC in our example)
1. Service Accounts
2. Internal Support
We have set up 3 "AuthnProviderAlias" directives.
Notably, all the alias definitio
I tried AuthLDAPRemoteUserIsDN. I can login by just entering a username.
It set REMOTE_USER to the full distinguished name, LDAP style:
CN=Craig McQueen,OU=Users,OU=MyDepartment,OU=All,DC=mycompany,DC=com,DC=au
That does enable the back-end to distinguish which domain the
authentication is on.
Simple fix: have a job on the server that comes by and takes all the
auth data from one source and consolidates it into its own, then goes to
the next, rinse repeat.
Shoudlnt be hard...
--
Morgan Gangwere
Unknown Software
http://sonof.bandit.name/
Member, INCOSE [ incose.org ] PACA [ paca.org
On Thu, Dec 11, 2008 at 9:12 AM, Craig McQueen
<[EMAIL PROTECTED]> wrote:
> It's a global company and we now want to allow remote branches to access the
> server. That means we want to extend authentication somehow.
I had the same issues, also with an apache subversion server.
In the end I settl
Hi.
Craig McQueen wrote:
[...]
I believe (only believe, not certain), that the Windows Domain method
would work if your local domain and the global domain were in a "trust
relationship" (Windows Domain term) with eachother. That is, the DC
that you use for SSPI authentication acepts the id's
Thanks for your reply. Your question prompted me to check the docs
again, and I see there is the AuthLDAPRemoteUserIsDN option. I hadn't
realised that possibility before. I'll try it. Requiring our users to
enter their username in FQD isn't going to work. But if
AuthLDAPRemoteUserIsDN works in
Does the option 3 work changing the username from the form domain\username
into [EMAIL PROTECTED] (domain in fqd form i.e. example.com)?
Regards Michele
On Thu, Dec 11, 2008 at 9:12 AM, Craig McQueen
<[EMAIL PROTECTED]>wrote:
> My company (in Australia) has a working Apache server on its Intrane
My company (in Australia) has a working Apache server on its Intranet --
incidentally, for serving Subversion. It's on Windows 2003 and it's set
up for authentication using the SSPI module. Currently Apache 2.0 but I
want to upgrade to 2.2 to support the latest Subversion. We are also
using a Subve
10 matches
Mail list logo
