DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43798>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43798 [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2008-02-06 16:44 ------- This is actually working as designed. Authentication and autorization are two different functions. Since the LDAP URL was specified in an <AuthnProviderAlias> section, the directives in that section only apply to authentication or Authn. They do not apply to authorization or authz. Therefore, an LDAP URL still needs to be defined if the authorization functionality requires it such as in an 'require ldap-group xxx' situation. The unfortunate thing is that this is not intuitive in apache 2.2. It will make a little more sense in Apache 2.4 when the directive section <RequireAlias ... > is introduced. This will allow both the authentication and authorization functionality to be independently configured with separate LDAP information if desired. An equivalent <RequireAlias> would appear as: <RequireAlias ldap-group my-ldap-group cn=xxx,ou=groups,dc=xxx,dc=fr> AuthLDAPURL ldap://xxx/ou=people,dc=xxx,dc=fr ... </RequireAlias> <Directory ..> ... Require my-ldap-group </Directory> -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
