> Hi,
>
> according to apache documentation in
> https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#reqgroup, the
> full group DN must be specified:
>
> ----- 8< -----
> Require ldap-group
> This directive specifies an LDAP group whose members are allowed access. It
> takes the distinguished name of the LDAP group. Note: Do not surround the
> group name with quotes. For example, assume that the following entry
> existed in the LDAP directory:
>
> dn: cn=Administrators, o=Example
> objectClass: groupOfUniqueNames
> uniqueMember: cn=Barbara Jenson, o=Example
> uniqueMember: cn=Fred User, o=Example
>
> The following directive would grant access to both Fred and Barbara:
>
> Require ldap-group cn=Administrators, o=Example
>
> ---- >8 -----
> flo
>
> On Wed, Jan 12, 2022 at 8:15 PM Simon Matthews via FreeIPA-users <
> freeipa-users(a)lists.fedorahosted.org> wrote:
Thank you for your help. I was able to get it working. Note that I had to set
AuthLDAPGroupAttributeIsDN on
while the FreeIPA documentation instructs you to turn this off.
https://www.freeipa.org/page/Apache_Group_Based_Authorization
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
