So, like this?

AuthBasicProvider ldap
AuthLDAPURL "ldaps://ipa01.hostname.de:636 ipa02.hostname.de:636/cn=users,cn=accounts,dc=domain,dc=de?member"
require ldap-group webtest

Does not work for me?

"user sebastian not found".

Here you are able to see that I am a member of the group:

dn: cn=webtest,cn=groups,cn=compat,dc=domain,dc=de
gidNumber: 101010
memberUid: sebastian

I also tried using the above DN.

BR and thanks!




On 22.05.2017 16:23, wouter.hummel...@kpn.com wrote:
> Use Require ldap-group <groupname>
> 
> Apache's ldap implementation supports looking up group membership. 
> 
> The attribute on the group is member
> 
> 
> 
> Sent from my Samsung device
> 
> 
> -------- Original message --------
> From: Sebastian Kösters <skoest...@gmx.de>
> Date: 22-05-17 16:11 (GMT+01:00)
> To: Peter Fern <free...@0xc0dedbad.com>,
> freeipa-users@lists.fedorahosted.org
> Subject: [Freeipa-users] Re: freeipa ldap + htaccess question
> 
> Hi,
> 
> I also already tried this :) ...also with the group's DN (which I found
> via ldapsearch).
> 
> Sadly it did not help.
> 
> BR
> 
> On 22.05.2017 16:05, Peter Fern wrote:
>> The gidNumber attribute is just the primary group.  You won't see any
>> supplementary groups there, just like /etc/passwd.  Use memberOf with
>> the group's DN or something for supplementary groups.
>> 
>> If you want to see what the data looks like in the directory, just use
>> ldapsearch - this is all standard LDAP stuff, you just need to
>> understand the schemas that are used.
>> 
>> On 22/05/17 23:19, Sebastian Kösters wrote:
>>> Hi all!
>>>
>>> I have a question about the use of LDAP with .htaccess in FreeIPA.
>>>
>>> I am using FreeIPA (V. 4.4.0-14 with CentOS 7). I now wanted to also use
>>> .htaccess with LDAP.
>>>
>>> My first try was this:
>>>
>>> ---
>>>
>>> Order allow,deny
>>> Allow from all
>>> AuthName "test"
>>> AuthType Basic
>>> AuthBasicProvider ldap
>>> AuthLDAPURL "ldaps://ipa01.hostname.de:636 ipa02.hostname.de:636/cn=users,cn=accounts,dc=domain,dc=de?uid"
>>> Require valid-user
>>>
>>> ---
>>>
>>> This works perfectly fine for users I created in the FreeIPA web interface.
>>>
>>> I now have to make some changes. Some users should be able to log in on
>>> the website that uses the .htaccess and some should not be able to log in.
>>>
>>> So I decided to create a group and add all users which should be allowed
>>> to log in via .htaccess.
>>>
>>> So my first try was this:
>>>
>>> ---
>>>
>>> [...]
>>> Require ldap-attribute gidNumber=101010
>>> [...]
>>>
>>> ---
>>>
>>> 101010 is the gid of my newly created group (webtest). That did not
>>> work. If I use the gid of the "main" group of the users, it's working
>>> fine (the user is definitely part of the new group).
>>>
>>> I also tried several other ways I found with the help of Google to
>>> only allow users who are members of the group to have access, but every
>>> attempt failed.
>>>
>>> Maybe one of you guys is able to help me?!
>>>
>>> Thank you and best regards
>>> Sebastian
>>> _______________________________________________
>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>> 
> 
> -- 
> *!!!!!!!!!!GMX GMX GMX GMX GMX!!!!!!!!!!*
> 
> 
> 

-- 
*!!!!!!!!!!GMX GMX GMX GMX GMX!!!!!!!!!!*
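
Added example, not part of the thread and not the posters' own configuration: a mod_authnz_ldap setup that restricts Basic auth to members of the webtest group, with the three membership checks the replies point at. Hostnames, base DN and the compat group DN are the ones quoted above; the group DN under cn=accounts is an assumption based on the standard FreeIPA tree layout.

```apache
# Added example. The cn=groups,cn=accounts DN below is an assumption
# (standard FreeIPA layout); the compat DN is the one shown in the thread.
AuthName "test"
AuthType Basic
AuthBasicProvider ldap

# The attribute after "?" is what mod_authnz_ldap matches the typed login
# name against. It has to stay "uid": with "?member" the search filter
# becomes (member=sebastian) under cn=users, which matches no user entry,
# so authentication stops before any group check is made.
AuthLDAPURL "ldaps://ipa01.hostname.de:636 ipa02.hostname.de:636/cn=users,cn=accounts,dc=domain,dc=de?uid"

# Variant A: native group entry. Its "member" values are full user DNs,
# so the user's DN is compared against the group attribute.
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
Require ldap-group cn=webtest,cn=groups,cn=accounts,dc=domain,dc=de

# Variant B (instead of A): compat-tree group. "memberUid" holds bare
# login names, so the comparison must use the username, not the DN.
# AuthLDAPGroupAttribute memberUid
# AuthLDAPGroupAttributeIsDN off
# Require ldap-group cn=webtest,cn=groups,cn=compat,dc=domain,dc=de

# Variant C (instead of A): test the user's own memberOf attribute.
# gidNumber cannot be used for this, it only carries the primary group.
# Require ldap-attribute memberOf=cn=webtest,cn=groups,cn=accounts,dc=domain,dc=de

# All three checks run with the identity Apache uses for searches
# (anonymous unless AuthLDAPBindDN/AuthLDAPBindPassword are set). If that
# identity may not read membership attributes, the Require line fails even
# for real members; AuthLDAPCompareAsUser on makes the comparison run as
# the authenticated user instead.
```

Use exactly one of the variants; ldapsearch against the group entry shows which attribute (member or memberUid) the chosen DN actually carries.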
