On 07.08.2017 10:10, Kedar Sirshikar (ksirshik) wrote:
>
> Hi Brane,
>
> Thank you for reply.
>
>
>
> I am providing some inputs about my experiement as of now.
>
> I am using ‘httpd-2.2.15-54.el6.centos.x86_64’ httpd.
>
> I have attached ldif file and ‘/etc/httpd/conf.d/subversion.conf’
> files for your reference.
>
> I have also attached ‘sssd.conf’ (to interact with LDAP).
>
>
>
> Still I have not been able to grant read access to gidNumber: 500 and
> read/write access to gidNumber: 491 from ldap.
>
> Do you see any obvious issue in attached files? Your advice will be a
> great help!
>
Looks like you're missing two bits:
* the AuthLDAPGroupAttribute is probably needed
* you don't use the whole group distinguished name in the Require
lines (the common name is missing).
As far as I know, mod_ldap won't search the whole subtree for valid
group names, you have to list them explicitly.
-- Brane
