A couple of things: First, you refer to "parts" of a web site. In my experience, that can mean different things in different situations -- you might just be referring to different directories/folders and files, or you might have different parts of sites controlled by different frameworks/packages. As they say, the devil's in the details, so while Apache and mod_auth_cas (and other modules) provide lots of flexibility and granularity in configuration, whether you can do exactly what you need to do will depend on the details.
Second, you bring groups into the equation (rather than users), and that makes things somewhat more complicated. CAS/mod_auth_cas has some capability of dealing directly with groups, but similarly, it depends on the details -- e.g., what version of CAS you're using, what LDAP server you have, how it's configured. I have less experience with this directly myself, but under certain circumstances, it should be possible to get group information via CAS and to use directives available in mod_auth_cas to control access using that group information. For instance, there was a thread recently, titled "CAS 4.0 w/ OpenLDAP won't return memberOf attribute", that dealt with getting group info in CAS. Additionally, you may be able to use some LDAP module (mod_authnz_ldap?) on top of CAS to get group information and use it for authorization. That's not as convenient/seamless as using CAS directly, but may be necessary. Milt Epstein Programmer in Computational Genomics Institute for Genomic Biology (IGB) University of Illinois at Urbana-Champaign (UIUC) [email protected] On Sun, 29 Mar 2015, Chris Cheltenham wrote: > Thanks Milt, > > In out web site all the folks are authenticated through LDAP. > > Some folks need to see some parts of the web site but not all the parts. > > Somehow I have to segregate what users can or cannot see. > > I found one page online about using ldap groups and configuring > mod_auth_ldap or authz. > That will then be configured in mod auth cas to point to ldap for group > access I gues??? > Not sure > > Other than that I have found mothing. > > > > Thank You, > > Chris Cheltenham > SwainTechs / HHS > > Cell# 267-586-2369 > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Milt Epstein > Sent: Sunday, March 29, 2015 5:11 PM > To: [email protected] > Subject: Re: [cas-user] mod_auth_cas > > What exactly are you trying to do, and what have you tried so far? > > You should just be able to use appropriate "Require" directives, such as > "Require valid-user" or "Require user username" (where "username" > is a valid username). > > Milt Epstein > Programmer in Computational Genomics > Institute for Genomic Biology (IGB) > University of Illinois at Urbana-Champaign (UIUC) [email protected] > > > On Sun, 29 Mar 2015, Chris Cheltenham wrote: > > > > > Hello Everyone, > > > > Does anyone who uses mod_auth_cas know how to configure mod_auth_cas to > > segregate specific users from getting to some pages but allow them to > > others? > > > > So far, I ahev only figured out how to allow everyone who authenticates to > > get to the the page / dir called in the config file. Not just some people > > can see a page and some cannot. > > > > > > > > Thank You, > > > > Chris Cheltenham > > SwainTechs / HHS > > > > Cell# 267-586-2369 > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] To unsubscribe, change settings or access > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
