[Date Prev][Date Next]
Re: Apache authentication?
Note that for this module, the path specified in the AuthLDAPURL directive
specifies the subtree to search for the user object for authentication.
The "require group" directive takes a full DN locating the group object to
use for checking group membership.
There is no search for the group object, it is fully specified by you (in
the "require group" directive).
Basically yes, I think you need to use the same AuthLDAPURL as in your
<Directory /> container.
More documentation at http://www.rudedog.org/auth_ldap/1.6/auth_ldap.html
If you have more questions, we should probably take this off the list, as
it's a bit off-topic.
> In a message dated: Wed, 28 May 2003 11:55:18 MDT
> "Alan Sparks" said:
>>Probably a better place to be asking these questions is in the
>> auth_ldap mailing lists, check http://www.rudedog.org/auth_ldap/.
>>> AuthLDAPURL ldap://localhost/cn=Admins,dc=foo,dc=com
>>> Require group cn=Admins,dc=foo,dc=com
>>I do things like this a lot, but I do not understand why you've changed
>> the AuthLDAPURL from what you used in the other <Directory> container.
>> Unless you actually have account objects under cn=Admins,dc=foo,dc=com,
>> this doesn't make any sense. I'd normally expect you to have group
>> objects here, with uniqueMember or member attributes enumerating the
>> group members.
> Hmmm, maybe therein lies my problem. I thought, for some reason, that
> I needed to provide AuthLDAPURL with a URL which referenced the top of
> a branch. I have 2 main branches, People (which contains
> everyone's records) and Admins, which is a groupOfUniqueNames,
> containing uniqueMember entries, which are the dn's of those members.
> Are you saying that the <Directory /admin/> section should have the
> same AuthLDAPURL entry as the <Directory /> section?
> Key fingerprint = 1660 FECC 5D21 D286 F853 E808 BB07 9239 53F1 28EE
> It may look like I'm just sitting here doing nothing,
> but I'm really actively waiting for all my problems to go away.
> If you're not having fun, you're not doing it right!
Alan Sparks, UNIX/Linux Systems Administrator <email@example.com>