Thanks, makes sense and works well using require ldap-filter.

-Tony


> -----Original Message-----
> From: Eric Covener [mailto:cove...@gmail.com]
> Sent: Friday, October 02, 2009 3:38 PM
> To: users@httpd.apache.org
> Subject: Re: [us...@httpd] group authorization via LDAP
> 
> > AuthLDAPGroupAttribute memberOf
> >
> > require ldap-group CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >
> > My LDAP entry (using the URL above) looks like this:
> > dn:CN=trice,OU=Employees,OU=Company Users,DC=dev,DC=company,DC=com
> >
> >               objectClass: top
> >                            person
> >                            organizationalPerson
> >                            user
> >                        cn: trice
> > <you don't care what my address, mailbox number, etc. is so ... snip>
> >                  memberOf: CN=mygroup,OU=GroupStuff,OU=Company
> > Groups,DC=dev,DC=company,DC=com
> >                            CN=admins,OU=Standard,OU=Company
> > Groups,DC=dev,DC= company,DC=com
> >                department: 8675309
> >                   company: Company, Inc.
> 
> 
> Your config looks for entries like this in ldap:
> 
> cn: =mygroup,OU=Grou....
>   memberOf: trice
>   memberOf: bob
>   ...
> 
> Your LDAP setup should use require ldap-filter to find a memberOf
> under the _user_ that signifies membership in a group, or find how the
> groups entry lists users (not memberOf, but something like member or
> uniqueMember).  ldap-filter starts at the user and looks for stuff,
> ldap-group starts at the group and looks for an entry listing your
> user.
> 
> --
> Eric Covener
> cove...@gmail.com
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>    "   from the digest: users-digest-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
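
The two lookup directions described in the reply above, side by side, as an added example that is not part of the original thread. The host name, the `/by-...` paths, the `cn` search attribute in `AuthLDAPURL` and the `member` group attribute are assumptions; the group DN is the one quoted in the thread.

```apache
# Added example, not from the thread. ldap.example.com, the Location paths,
# the "cn" search attribute and the "member" attribute are assumptions.
# Bind credentials, if the directory requires them, are left out.

# Original attempt: ldap-group reads the GROUP entry and looks for the user
# in AuthLDAPGroupAttribute. memberOf lives on the USER entry, so the group
# entry has nothing to compare against and authorization fails.
<Location "/by-group-broken">
    AuthType Basic
    AuthName "LDAP"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/DC=dev,DC=company,DC=com?cn?sub"
    AuthLDAPGroupAttribute memberOf
    Require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Location>

# Option 1: start at the user. The filter is ANDed with the user search, so
# access is granted only if the authenticated user's own entry carries
# memberOf=<group DN>.
<Location "/by-filter">
    AuthType Basic
    AuthName "LDAP"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/DC=dev,DC=company,DC=com?cn?sub"
    Require ldap-filter memberOf=CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Location>

# Option 2: start at the group. Name the attribute under which the group
# entry lists its users (assumed here to be "member", holding full DNs).
<Location "/by-group">
    AuthType Basic
    AuthName "LDAP"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/DC=dev,DC=company,DC=com?cn?sub"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=mygroup,OU=GroupStuff,OU=Company Groups,DC=dev,DC=company,DC=com
</Location>
```

The memberOf filter in option 1 matches only groups listed directly on the user's entry, so a user who belongs to mygroup through another group is not authorized by it.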

