Danie Qian wrote:
Thank you for the kind words. I am a little overwhelmed by the
complexity of mod_dbd.c, especially its use of dbd_group_t. I couldnt
find any notes for it so I wish someone here could shed some light on it
for me and anyone interested.
There do not seem to any group-related diretives for mod_authn_dbd, but
it is pretty easy to put any group checks directly into the SQL.
Here is an example, translated into MySQL SQL (I think. I didn't really
test this with MySQL so I might have missed something...):
DBDriver mysql
DBDParams "...credentials..."
DBDExptime 28800
DBDKeep 0
DBDMax 30
DBDMin 0
<Directory ...AP_Dir... >
AuthType Basic
AuthName "Accounts Payable"
AuthBasicProvider dbd
AuthDBDUserPWQuery \
"SELECT CONCAT('{SHA}', A.pwhash) AS Password \
FROM apacheusers A, apachegroups B \
WHERE A.username = %s \
AND CURRENT_DATE < A.Expires \
AND B.username = A.username \
AND B.apachegroup = 'AP';"
Require valid-user
</Directory>
<Directory ...AR_Dir... >
AuthType Basic
AuthName "Accounts Receivable"
AuthBasicProvider dbd
AuthDBDUserPWQuery \
"SELECT CONCAT('{SHA}', A.pwhash) AS Password \
FROM apacheusers A, apachegroups B \
WHERE A.username = %s \
AND CURRENT_DATE < A.Expires \
AND B.username = A.username \
AND B.apachegroup = 'AR';"
Require valid-user
</Directory>
