I do not know the solution for your particular problem.
A small hint, however: try going with SPNEGO/Kerberos.
IMHO you should be able to achieve something like this out of the box with
HBAC rules via the FreeIPA web interface.
On Mon, May 22, 2017 at 3:19 PM, Sebastian Kösters <skoest...@gmx.de> wrote:
> Hi all!
> I have a question about the use of LDAP with .htaccess in FreeIPA.
> I am using FreeIPA (V. 4.4.0-14 with CentOS 7). I now wanted to also use
> .htaccess with LDAP.
> My first try was this:
> Order allow,deny
> Allow from all
> AuthName "test"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL "ldaps://ipa01.hostname.de:636
> Require valid-user
> This works perfectly fine for users I created in the FreeIPA web interface.
> I now have to make some changes. Some users should be able to log in on
> the website that uses the .htaccess and some should not be able to log in.
> So I decided to create a group and add all users who should be allowed
> to log in via .htaccess.
> So my first try was this:
> Require ldap-attribute gidNumber=101010
> 101010 is the gid of my newly created group (webtest). That did not
> work. If I use the gid of the "main" group of the users, it's working
> fine (the user is definitely part of the new group).
> I also tried several other ways I found with the help of Google to
> only allow users who are members of the group to have access, but every
> attempt failed.
> Maybe one of you guys is able to help me?!
> Thank you and best regards
> FreeIPA-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Network Security Engineer
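
Added example (not part of either message above, and not FreeIPA project configuration): the gidNumber attribute on a user entry carries only that user's primary group, which is why the rule in the question matches nothing for a secondary group such as webtest. The fragment below checks group membership instead; the base DN dc=example,dc=com, the bind account and its password are assumed placeholders, and it presumes the standard FreeIPA layout with users under cn=users,cn=accounts and groups under cn=groups,cn=accounts.

```apache
# Added example. Placeholders (assumptions): dc=example,dc=com, the
# apache-bind system account and its password.
AuthName "test"
AuthType Basic
AuthBasicProvider ldap

# Look the user up by uid under the FreeIPA user container.
AuthLDAPURL "ldaps://ipa01.hostname.de:636/cn=users,cn=accounts,dc=example,dc=com?uid?sub"

# Hypothetical service account, needed when the directory does not let an
# anonymous bind read group membership.
AuthLDAPBindDN "uid=apache-bind,cn=sysaccounts,cn=etc,dc=example,dc=com"
AuthLDAPBindPassword "CHANGE_ME"

# Before: gidNumber on the user entry is the primary group's GID only, so
# members who have webtest as a secondary group never match.
# Require ldap-attribute gidNumber=101010

# After: compare the authenticated user's DN against the group entry.
# mod_authnz_ldap checks the member and uniqueMember attributes by default.
Require ldap-group cn=webtest,cn=groups,cn=accounts,dc=example,dc=com

# Alternative: match the memberOf value stored on the user entry itself.
# Require ldap-attribute memberOf="cn=webtest,cn=groups,cn=accounts,dc=example,dc=com"
```

Because Basic authentication sends the password with every request, serve the protected location over HTTPS only, and keep the bind password out of world-readable .htaccess files.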