I am running Apache 2.2. I have the following configuration for apache currently and it works fine. I have ldap1 and ldap2 for authentication.
<AuthnProviderAlias ldap ldap1>
AuthLDAPURL ldap://aphelion-server:389/ou=people,cn=AdministrativeLdap,cn=App,o=org
AuthLDAPBindDN "cn=Manager"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
AuthLDAPURL ldap://ADserver:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser,OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
</AuthnProviderAlias>
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative off
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
require valid-user
</LocationMatch>
The new requirement is to keep ldap1 as it is but authenticate users from a security group for ldap2. The security group is CN=App_Users,OU=All Groups,DC=mycompany,DC=net.
I have tried the following config.
<LocationMatch /loc1/rfa(;.*)?>
AuthzLDAPAuthoritative on
AuthName "Test"
Options -Indexes
AuthType Basic
AuthBasicProvider ldap1 ldap2
AuthLDAPURL ldap://ADServer:3268/DC=mycompany,DC=net?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "CN=produser, OU=xx,DC=mycompany,DC=net"
AuthLDAPBindPassword "12345"
require ldap-group CN=App_Users,OU=All Groups,DC=mycompany,DC=net
AuthLDAPGroupAttributeIsDN on
require ldap-dn uid=user1, ou=people,cn=AdministrativeLdap,cn=App,o=org
#require valid-user
</LocationMatch>
This config works for ldap2 and it checks if user belongs to the security group. But I don't want to check the security group access for ldap1. I put the require ldap-dn directive but it only authorizes user user1 and I am not sure how to authorize all users from ldap1.
Thanks,
AL
