[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: apache + openldap

To: "Carl St-Jacques" <carlstj@home.com>
Subject: Re: apache + openldap
From: Dave Carrigan <dave@rudedog.org>
Date: 08 Jan 2001 08:26:46 -0800
Cc: "Openldap-Software" <openldap-software@OpenLDAP.org>
In-reply-to: "Carl St-Jacques"'s message of "Mon, 8 Jan 2001 08:29:46 -0500"
Organization: Rude Dog Dot Org
References: <NEBBIOMMCPPGABOCMGCIIEPACMAA.carlstj@home.com>
User-agent: Gnus/5.070099 (Pterodactyl Gnus v0.99) XEmacs/21.1 (Channel Islands)

"Carl St-Jacques" <carlstj@home.com> writes:

> We are looking for an apache module that can authenticate your users inside
> ldap groups and sub-groups. Right now we are using Netscape servers and it's
> working great. We tried with this module:
> http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html
> without success. Does anybody know an apache module that can do groups and
> sub-groups authentification for users.

There were a bunch of Apache modules discussed on this list last week.
I'm not aware of any that can do sub-group authentication. In fact, as
an author of one of those modules (http://www.rudedog.org/auth_ldap),
it's my feeling that it's a bad idea to try to do recursive group member
compares, because it turns a simple LDAP compare operation into a whole
bunch of search and compare operations, and would severely impact
Apache's performance.

I don't know how the netscape web server does nested groups, but I bet
there is some kind of LDAP server-side optimization that they use.

-- 
Dave Carrigan (dave@rudedog.org)            | Yow! I'm not available for
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-DNS | comment..
Seattle, WA, USA                            | 
http://www.rudedog.org/                     |

Follow-Ups:
- Re: apache + openldap
  - From: Dr Andreas F Muller <afm@othello.ch>

References:
- apache + openldap
  - From: "Carl St-Jacques" <carlstj@home.com>

Prev by Date: Which Version??
Next by Date: RE: apache + openldap
Index(es):
- Chronological
- Thread