
List:       apache-httpd-users
Subject:    Re: [users@httpd] Access controls
From:       Otis DeWitt <otis.dewitt () noaa ! gov>
Date:       2013-12-16 14:14:14
Message-ID: E7A5B654-A96E-468D-8A62-FC2251B36745 () noaa ! gov

The example I gave you does just that, it does not allow everyone in LDAP access, it
uses LDAP as the source but only allows the required user such as bob.stanton or
tom.scott or whoever else exists in the require user grabbing them from LDAP.

Try it first.

Thanks,
Otis

> On Dec 16, 2013, at 5:02 AM, Ramesh Nadupalli <nadupalliramesh@gmail.com> wrote:
> 
> Sorry if I haven't made my requirement clear. Here is what I am
> looking for... I was trying to achieve the below functionality:
> 
> http://myurl.com/sitea -> user1
> http://myurl.com/siteb -> user1 & user2.
> http://myurl.com/sitec -> user3.
> http://myurl.com/sited -> user1, user2 and user3.
> 
> Using the require is allowing everyone in the LDAP, which we don't
> want. Hope it's clear now?
> 
> Thanks
> Ramesh
> 
> On Mon, Dec 16, 2013 at 2:32 PM, Otis Dewitt - NOAA Affiliate
> <otis.dewitt@noaa.gov> wrote:
> > What do you mean?
> > 
> > "Since our requirement is to control access based on a path."
> > 
> > <Location /example1>
> > AuthType basic
> > AuthName "Example 1 use your LDAP login."
> > AuthBasicProvider ldap
> > AuthLDAPURL "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
> >  AuthBasicProvider ldap
> > Require user bob.stanton
> > SetOutputFilter DEFLATE
> > </Location>
> > 
> > <Location /example2>
> > AuthType basic
> > AuthName "Example 2 use your LDAP login."
> > AuthBasicProvider ldap
> > AuthLDAPURL "ldaps://example-ldap.example.com:636/o=example.com?uid??(&(objectClass=inetOrgPerson)(groups=groupA))"
> >  AuthBasicProvider ldap
> > Require user tom.scott
> > SetOutputFilter DEFLATE
> > </Location>
> > 
> > This works perfect for me.
> > 
> > Thanks,
> > Otis
> > 
> > 
> > On Sun, Dec 15, 2013 at 11:19 AM, Ramesh Nadupalli
> > <nadupalliramesh@gmail.com> wrote:
> > > 
> > > I use Directory. This is how my config file looks like...
> > > 
> > > <Directory />
> > > AuthType Basic
> > > AuthName "Enter your ID"
> > > AuthBasicProvider ldap
> > > AuthBasicAuthoritative off
> > > AuthLDAPUrl ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*) NONE
> > > AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
> > > AuthLDAPBindPassword xxxxxxxxx
> > > Require valid-user
> > > </Directory>
> > > 
> > > > On Sun, Dec 15, 2013 at 9:12 PM, Eric Covener <covener@gmail.com> wrote:
> > > > On Sun, Dec 15, 2013 at 9:54 AM, Ramesh Nadupalli
> > > > <nadupalliramesh@gmail.com> wrote:
> > > > > Thanks Eric for your response. I have tried below options,
> > > > > 
> > > > > Require valid-user (when I pass valid-user, it authenticates
> > > > > and allows everyone in the LDAP filter to access the webserver)
> > > > > Require user usera userb userc (It allows only these users)
> > > > > 
> > > > > Since our requirement is to control access based on a path, I am not
> > > > > sure what else can be used to read an access file.
> > > > 
> > > > Enclose the directives in  <Location> or <Directory>?
> > > > 
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > > > For additional commands, e-mail: users-help@httpd.apache.org
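
The path-to-user mapping asked for in this thread, written out as an added example; it is not a configuration posted by anyone in the thread. It assumes the LDAP settings quoted above (including that poster's "xxx" placeholders) and that the authentication directives set on `<Location />` are inherited by the sub-paths, so each path only needs its own `Require user` line.

```apache
# Authentication (who is the user?) is configured once here and
# inherited by the more specific <Location> sections below.
# Values are copied from the config quoted in the thread; "url" and the
# "xxx" parts are the original poster's placeholders, not real values.
<Location />
    AuthType Basic
    AuthName "Enter your ID"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://url:389/dc=domain,dc=com?samAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "cn=xxx,ou=xxx,dc=domain,dc=com"
    AuthLDAPBindPassword xxxxxxxxx
    # Deliberately no "Require valid-user" in this section: that directive
    # admits every account the LDAP filter matches, which is the behaviour
    # the thread is trying to get rid of.
    # Paths that are not listed below get no Require from this block.
</Location>

# Authorization (which users may see this path?) is set per path.
# LDAP is still the password source; "Require user" narrows who gets in.

# /sitea -> user1
<Location /sitea>
    Require user user1
</Location>

# /siteb -> user1 and user2
<Location /siteb>
    Require user user1 user2
</Location>

# /sitec -> user3
<Location /sitec>
    Require user user3
</Location>

# /sited -> user1, user2 and user3
<Location /sited>
    Require user user1 user2 user3
</Location>
```

Running `apachectl configtest` before reloading catches syntax errors; then request each path as each of the three users to confirm the mapping.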

