I have been trying to implement group-based authentication using LDAP,
but I have yet to find the secret. I have been able to implement
individual authentication using the “require ldap-user [username]”
directive successfully.
Some background information: I am using FreeBSD 7.2, Apache 2.2, and
OpenLDAP 2.4. Initially I set up 3 directories for my research and
verified that I reached the targeted documents successfully before
beginning to implement authentication. Then I implemented the ldap-user
authentication successfully on one directory.
Back to my challenge with group authentication. Here is the output of
the LDAP search:
ldapsearch -x -W -D 'cn=Manager,dc=my,dc=mydomain,dc=com' -v -b 'ou=groups,dc=my,dc=mydomain,dc=com'
# extended LDIF
#
# LDAPv3
# base <ou=groups,dc=my,dc=mydomain,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# groups, my.mydomain.com
dn: ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: my.mydomain groups
objectClass: organizationalUnit
# SuperTeam, groups, my.mydomain.com
dn: cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: People who are employees of Super Team
uniqueMember: uid=jeffshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=maeshearer,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
cn: SuperTeam
# SuperGroup, groups, my.mydomain.com
dn: cn=SuperGroup,ou=groups,dc=my,dc=mydomain,dc=com
ou: groups
description: People who are employees of Super Group
uniqueMember: uid=jacksonshearer,dc=my,dc=mydomain,dc=com
uniqueMember: uid=larryfordham,dc=my,dc=mydomain,dc=com
uniqueMember: uid=spamimoron,dc=my,dc=mydomain,dc=com
objectClass: groupOfUniqueNames
cn: SuperGroup
# search result
search: 2
result: 0 Success
# numResponses: 4
# numEntries: 3
I have tried a number of configurations for group authentication, all
without success. Following is the current iteration of my Apache
configuration for the superteam.docs directory:
<Directory /files/superteam.docs>
AuthType basic
AuthName "Super Team Members Only"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPBindDN "cn=Manager,dc=my,dc=mydomain,dc=com"
AuthLDAPBindPassword "secret"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN off
AuthLDAPURL
"ldap://192.168.0.92:389/ou=groups,dc=my,dc=mydomain,dc=com?cn=SuperTeam?"
Require ldap-group cn=SuperTeam,ou=groups
AllowOverride None
Order allow,deny
Allow from all
Options +Includes
XbitHack on
</Directory>
Note that I have an alias for /superteam to /files/superteam.docs
Thanks
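A corrected Directory block for the setup described in the post above, added here as an example; it is not from the original post or from the Apache project. It assumes, from the uniqueMember values in the LDIF, that the user entries sit directly under dc=my,dc=mydomain,dc=com with DNs of the form uid=<login>,dc=my,dc=mydomain,dc=com, and that the bind DN, password and server address are the ones shown in the post. Three things change relative to the posted config: the AuthLDAPURL base points at where the users are (mod_authnz_ldap searches this base for the login name, then binds as the DN it finds), AuthLDAPGroupAttributeIsDN is left at its default of on because uniqueMember holds full DNs, and Require ldap-group names the complete group DN.

```apache
# Added example (not from the original post): group-restricted access to
# /files/superteam.docs with mod_authnz_ldap on Apache 2.2.
# Assumption: user entries are uid=<login>,dc=my,dc=mydomain,dc=com,
# matching the uniqueMember values shown in the ldapsearch output.
<Directory /files/superteam.docs>
    AuthType Basic
    AuthName "Super Team Members Only"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on

    # Account used for the user search and the group compare. A read-only
    # service account is preferable to the directory manager; the password
    # is stored in clear text here, so keep this file unreadable to others.
    AuthLDAPBindDN "cn=Manager,dc=my,dc=mydomain,dc=com"
    AuthLDAPBindPassword "secret"

    # Base DN where USERS are searched, not where the groups live.
    # Apache searches this subtree for (uid=<login>), then binds as the
    # DN it finds to verify the password.
    AuthLDAPURL "ldap://192.168.0.92:389/dc=my,dc=mydomain,dc=com?uid?sub?(objectClass=*)"

    # uniqueMember values are DNs, so the user's full DN (not the bare
    # login name) is compared against the group membership. "on" is the
    # default; the posted config had switched it off.
    AuthLDAPGroupAttribute uniqueMember
    AuthLDAPGroupAttributeIsDN on

    # The group must be given as its complete DN.
    Require ldap-group cn=SuperTeam,ou=groups,dc=my,dc=mydomain,dc=com

    AllowOverride None
    Order allow,deny
    Allow from all
    Options +Includes
    XbitHack on
</Directory>
```

To check the two lookups Apache performs before touching the config, run the user search with the same bind credentials, `ldapsearch -x -W -D 'cn=Manager,dc=my,dc=mydomain,dc=com' -b 'dc=my,dc=mydomain,dc=com' -s sub '(uid=jeffshearer)' dn`, and confirm it returns exactly one DN. That DN must match one of the uniqueMember values of cn=SuperTeam; if the users actually live under a different container (for example ou=people), the group entries would need to list that DN instead, because a user found at one DN is not a member of a group that lists a different one. With `LogLevel debug` the error log shows the "auth_ldap authorise" lines for the user search and the group compare, which is the quickest way to see which of the two steps is failing.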
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
   "   "   from the digest: [email protected]
For additional commands, e-mail: [email protected]