Marc Patermann wrote:
Hi,
Mxrgus Pxrt schrieb:
Would it be possible to filter users not only by user attributes or
groups but also by attributes of group using authnz_ldap?
Example:
Users:
cn: First Last, ou: people, dc: lol
cn: Second Last, ou: pople, dc: lol
Groups:
cn: lord, ou: group, dc: lol
member: First Last
attribute111: yes
Now, if attribute111 is yes, auth succeeds.
If not, what would be your recommendation, how to solve this task?
Hm, if there was any group-filter setting ...
But you have to _name_ the ldap-group anyone, don't you? So just name
LDAP groups here which have the attribute. :)
If you use AuthLDAPBindDN for searching ldap by apache, you could
"hide" other groups than these with the attribute by ACL on the ldap
server.
Marc
Both solutions what you offered are not good enough.
By defining groups one by one in ldap-group or messing around per group
in ACL of ldap server I would not gain anything, I need filtering by
group attribute.
As I understand best solutions would be:
a. http://code.google.com/p/mod-auth-external/ - create dynamic python
program for example what would filter by using group attribute
b. patch current mod_authz_ldap
Variant A seems a bit less messy (future problems on updates etc with
variant B). Can anyone of you recommend something better?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
