TAG <Location> and ldap_auth

--0016367657b98260a7047d0c701d
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,

I need to authenticate the users of my network to distinguish
directories of SVN with ldap_auth. The method that I used is through the
<Location> tag. The following method that I use is the correct method to
prevent users that isn=B4t inside the AD group GR_INT_SVN to access the /sv=
n
location?

################ *Versions *################
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1
Windows Server 2003 Enterprise Edition
mod_authnz_ldap.so: 2.2.9

**################ *httpd.conf ####################

*ServerRoot "C:/Arquivos de programas/Apache Software Foundation/Apache2.2"

Listen 80

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule setenvif_module modules/mod_setenvif.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User daemon
Group daemon
</IfModule>
</IfModule>

ServerAdmin admin [at] domain.com

DocumentRoot "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/htdocs"

<Directory "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<IfModule dir_module>
DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

ErrorLog "logs/error.log"

LogLevel warn

<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"=
"
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio
</IfModule>

CustomLog "logs/access.log" common
</IfModule>

<IfModule alias_module>
ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "C:/Arquivos de programas/Apache Software
Foundation/Apache2.2/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

*<Location "/svn">
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off

AuthName Subversion

SVNPath E:\SVN\repository0
DAV svn

SVNListParentPath on
SVNPathAuthz on

AuthLDAPUrl "ldap://
domain.com/dc=3Ddomain,dc=3Dcom?samAccountName?sub?(&(object Class=3DUser)(M=
emberOf=3DCN=3DGR_INT_SVN,OU=3DInternal,OU=3DAcessos,dc=3Ddo main,dc=3Dcom))
"
AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUsers,dc=3Ddomain,dc=3D=
com"
AuthLDAPBindPassword pass

require valid-user

</Location>

# Project 01
<Location "/svn/P01">
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off

AuthName Subversion_P01

AuthLDAPUrl "ldap://
domain.com/dc=3Ddomain,dc=3Dcom?samAccountName?sub?(&(object Class=3DUser)(M=
emberOf=3DCN=3DGR_INT_SVN_P01,OU=3DInternal,OU=3DAcessos,dc= 3Ddomain,dc=3Dc=
om))
"
AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUsers,dc=3Ddomain,dc=3D=
com"
AuthLDAPBindPassword pass
</location>*

<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>

################*####################**####################*


--
Att.
Bruno Galindro da Costa
bruno.galindro [at] gmail.com

--0016367657b98260a7047d0c701d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hi,<br><br>=A0=A0=A0 I need to authenticate the users of my network to dist=
inguish directories of SVN with ldap_auth. The method that I used is throug=
h the <Location> tag. The following method that I use is the correct =
method to prevent users that isn=B4t inside the AD group GR_INT_SVN to acce=
ss the /svn location?<br>
<br>################ <b>Versions </b>################ <br>
Apache/2.2.9 (Win32) DAV/2 SVN/1.5.1<br>Windows Server 2003 Enterprise Edit=
ion<br>mod_authnz_ldap.so: 2.2.9<br><br><b></b>################ <b>httpd.co=
nf ####################<br><br></b>ServerRoot "C:/Arquivos de programa=
s/Apache Software Foundation/Apache2.2"<br>
<br>Listen 80<br><br>LoadModule actions_module modules/mod_actions.so<br>Lo=
adModule alias_module modules/mod_alias.so<br>LoadModule asis_module module=
s/mod_asis.so<br>LoadModule auth_basic_module modules/mod_auth_basic.so<br>
LoadModule authn_default_module modules/mod_authn_default.so<br>LoadModule =
authn_file_module modules/mod_authn_file.so<br>LoadModule authnz_ldap_modul=
e modules/mod_authnz_ldap.so<br>LoadModule authz_default_module modules/mod=
_authz_default.so<br>
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so<br>LoadMod=
ule authz_host_module modules/mod_authz_host.so<br>LoadModule authz_user_mo=
dule modules/mod_authz_user.so<br>LoadModule autoindex_module modules/mod_a=
utoindex.so<br>
LoadModule cgi_module modules/mod_cgi.so<br>LoadModule dav_module modules/m=
od_dav.so<br>LoadModule dav_fs_module modules/mod_dav_fs.so<br>LoadModule d=
ir_module modules/mod_dir.so<br>LoadModule env_module modules/mod_env.so<br=
>
LoadModule include_module modules/mod_include.so<br>LoadModule isapi_module=
modules/mod_isapi.so<br>LoadModule ldap_module modules/mod_ldap.so<br>Load=
Module log_config_module modules/mod_log_config.so<br>LoadModule mime_modul=
e modules/mod_mime.so<br>
LoadModule negotiation_module modules/mod_negotiation.so<br>LoadModule sete=
nvif_module modules/mod_setenvif.so<br><br>LoadModule dav_module modules/mo=
d_dav.so<br>LoadModule dav_svn_module modules/mod_dav_svn.so<br>LoadModule =
authz_svn_module modules/mod_authz_svn.so<br>
<br><IfModule !mpm_netware_module><br>=A0=A0 <IfModule !mpm_winnt_=
module><br>=A0=A0=A0=A0=A0 User daemon<br>=A0=A0=A0=A0=A0 Group daemon<b=
r>=A0=A0 </IfModule><br></IfModule><br><br>ServerAdmin <a href=
=3D"mailto:admin [at] domain.com">admin [at] domain.com</a><br>
<br>DocumentRoot "C:/Arquivos de programas/Apache Software Foundation/=
Apache2.2/htdocs"<br><br><Directory "C:/Arquivos de programas/=
Apache Software Foundation/Apache2.2/htdocs"><br>=A0=A0=A0 Options =
Indexes FollowSymLinks<br>
=A0=A0=A0 AllowOverride None<br>=A0=A0=A0 Order allow,deny<br>=A0=A0=A0 All=
ow from all<br></Directory><br><br><IfModule dir_module><br>=A0=
=A0=A0 DirectoryIndex index.html<br></IfModule><br><br><FilesMatch=
"^\.ht"><br>
=A0=A0=A0 Order allow,deny<br>=A0=A0=A0 Deny from all<br>=A0=A0=A0 Satisfy =
All<br></FilesMatch><br><br>ErrorLog "logs/error.log"<br><b=
r>LogLevel warn<br><br><IfModule log_config_module><br>=A0=A0=A0 LogF=
ormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"=
; \"%{User-Agent}i\"" combined<br>
=A0=A0=A0 LogFormat "%h %l %u %t \"%r\" %>s %b" comm=
on<br><br>=A0=A0=A0 <IfModule logio_module><br>=A0=A0=A0=A0=A0 LogFor=
mat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" =
\"%{User-Agent}i\" %I %O" combinedio<br>
=A0=A0=A0 </IfModule><br><br>=A0=A0=A0 CustomLog "logs/access.lo=
g" common<br></IfModule><br><br><IfModule alias_module><br=
>=A0=A0=A0 ScriptAlias /cgi-bin/ "C:/Arquivos de programas/Apache Soft=
ware Foundation/Apache2.2/cgi-bin/"<br>
</IfModule><br><br><IfModule cgid_module><br></IfModule><=
br><br><Directory "C:/Arquivos de programas/Apache Software Foundat=
ion/Apache2.2/cgi-bin"><br>=A0=A0=A0 AllowOverride None<br>=A0=A0=
=A0 Options None<br>
=A0=A0=A0 Order allow,deny<br>=A0=A0=A0 Allow from all<br></Directory>=
;<br><br>DefaultType text/plain<br><br><IfModule mime_module><br>=A0=
=A0=A0 TypesConfig conf/mime.types<br>=A0=A0=A0 AddType application/x-compr=
ess .Z<br>=A0=A0=A0 AddType application/x-gzip .gz .tgz<br>
</IfModule><br><br><IfModule ssl_module><br>SSLRandomSeed start=
up builtin<br>SSLRandomSeed connect builtin<br></IfModule><br><br><b>=
<Location "/svn"><br>=A0=A0=A0 AuthType Basic<br>=A0=A0=A0 =
AuthBasicProvider ldap<br>
=A0=A0=A0 AuthzLDAPAuthoritative off<br><br>=A0=A0=A0 AuthName Subversion<b=
r><br>=A0=A0=A0 SVNPath E:\SVN\repository0<br>=A0=A0=A0 DAV svn<br><br>=A0=
=A0=A0 SVNListParentPath on <br>=A0=A0=A0 SVNPathAuthz on <br><br>=A0=A0=A0=
AuthLDAPUrl "ldap://<a href=3D"http://domain.com/dc=3Ddomain,dc=3Dcom=
?samAccountName?sub?(&(objectClass=3DUser)(MemberOf=3DCN =3DGR_INT_SVN,O=
U=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))">domain.com /dc=3Ddomain,dc=
=3Dcom?samAccountName?sub?(&(objectClass=3DUser)(MemberO f=3DCN=3DGR_INT=
_SVN,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))</a>"<br>
=A0=A0=A0=A0=A0=A0=A0 AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUser=
s,dc=3Ddomain,dc=3Dcom"<br>=A0=A0=A0=A0=A0=A0=A0 AuthLDAPBindPassword =
pass<br><br>=A0=A0=A0 require valid-user<br><br></Location><br><br># =
Project 01<br><Location "/svn/P01"><br>
=A0=A0=A0=A0=A0=A0=A0 AuthType Basic<br>=A0=A0=A0=A0=A0=A0=A0 AuthBasicProv=
ider ldap<br>=A0=A0=A0=A0=A0=A0=A0 AuthzLDAPAuthoritative off<br><br>=A0=A0=
=A0=A0=A0=A0=A0 AuthName Subversion_P01<br>=A0=A0=A0 <br>=A0=A0=A0=A0=A0=A0=
=A0 AuthLDAPUrl "ldap://<a href=3D"http://domain.com/dc=3Ddomain,dc=3D=
com?samAccountName?sub?(&(objectClass=3DUser)(MemberOf=3 DCN=3DGR_INT_SV=
N_P01,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc=3Dcom))">dom ain.com/dc=3Ddo=
main,dc=3Dcom?samAccountName?sub?(&(objectClass=3DUser)( MemberOf=3DCN=
=3DGR_INT_SVN_P01,OU=3DInternal,OU=3DAcessos,dc=3Ddomain,dc= 3Dcom))</a>&quo=
t;<br>
=A0=A0=A0=A0=A0=A0=A0 AuthLDAPBindDN "CN=3DSVNQueryUser,OU=3DQueryUser=
s,dc=3Ddomain,dc=3Dcom"<br>=A0=A0=A0=A0=A0=A0=A0 AuthLDAPBindPassword =
pass<br></location></b><br><br><Directory /><br>=A0=A0=A0 Optio=
ns FollowSymLinks<br>=A0=A0=A0 AllowOverride None<br>
=A0=A0=A0 Order deny,allow<br>=A0=A0=A0 Allow from all<br></Directory>=
;<br><br>################<b>####################</b><b>####################=
</b><br><br><br>-- <br>Att.<br>Bruno Galindro da Costa<br><a href=3D"mailto=
:bruno.galindro [at] gmail.com">bruno.galindro [at] gmail.com</a><br>


--0016367657b98260a7047d0c701d--
Bruno Galindro da Cos [ Mi, 13 Januar 2010 15:18 ] [ ID #2028653 ]
Webserver » gmane.comp.apache.user » TAG <Location> and ldap_auth

Vorheriges Thema: Optimizing apache 2
Nächstes Thema: build 32 bit httpd on 64 bit RHEL

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum