Have you tried using the ldap-group directive?

Require ldap-group cn=somegroup,cn=groups,cn=accounts,dc=example,dc=com

C

On Mon, May 22, 2017 at 7:19 AM, Sebastian Kösters <skoest...@gmx.de> wrote:

> Hi all!
>
> I have a question about the use of LDAP with .htaccess in freeIPA.
>
> I am using freeIPA (V. 4.4.0-14 with CentOS 7). I now wanted to also use
> .htaccess with LDAP.
>
> My first try was this:
>
> ---
>
> Order allow,deny
> Allow from all
> AuthName "test"
> AuthType Basic
> AuthBasicProvider ldap
> AuthLDAPURL "ldaps://ipa01.hostname.de:636 ipa02.hostname.de:636/cn=users,cn=accounts,dc=domain,dc=de?uid"
> Require valid-user
>
> ---
>
> This works perfectly fine for users I created in the freeIPA Webinterface.
>
> I now have to make some changes. Some users should be able to log in on
> the website that uses the .htaccess and some should not be able to log in.
>
> So I decided to create a group and add all users who should be allowed
> to log in via .htaccess.
>
> So my first try was this:
>
> ---
>
> [...]
> Require ldap-attribute gidNumber=101010
> [...]
>
> ---
>
> 101010 is the gid of my newly created group (webtest). That did not
> work. If I use the gid of the "main" group of the users, it's working
> fine (the user is definitely part of the new group).
>
> I also tried several other ways I found with the help of Google, to
> only allow users who are members of the group to have access, but every
> attempt failed.
>
> Maybe one of you guys is able to help me?!
>
> Thank you and best regards
> Sebastian
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>



-- 
Regards,

Cameron Christensen
Manager, Security and Infrastructure
UK2 Group
Phone: 1-800-222-2165
E-mail: cameron.christen...@uk2group.com
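
The two checks discussed in this thread, side by side, as an added example (not written by either poster): `Require ldap-attribute gidNumber=...` is compared against the `gidNumber` on the user's own entry, which holds only the primary group, while `Require ldap-group` looks for the user's DN in the membership attribute of the group entry. The group DN assumes the `webtest` group sits in the default FreeIPA groups container under the `dc=domain,dc=de` suffix from the original post; the bind account is a labelled placeholder, needed only if the directory does not allow anonymous reads of group membership.

```apache
AuthName "test"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ipa01.hostname.de:636 ipa02.hostname.de:636/cn=users,cn=accounts,dc=domain,dc=de?uid"

# Assumption: uncomment only if anonymous binds cannot read the group's
# member attribute. DN and password are placeholders, not real values.
# AuthLDAPBindDN "uid=PLACEHOLDER-SERVICE-ACCOUNT,cn=sysaccounts,cn=etc,dc=domain,dc=de"
# AuthLDAPBindPassword "PLACEHOLDER-PASSWORD"

# Membership lives on the group entry as "member: <full DN of the user>".
# Both settings below are mod_authnz_ldap defaults, written out to show
# what "Require ldap-group" actually compares.
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On

# Checks the user's entry, so it only ever matches the primary group:
# Require ldap-attribute gidNumber=101010

# Checks the group entry for the authenticated user's DN:
Require ldap-group cn=webtest,cn=groups,cn=accounts,dc=domain,dc=de
```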