Thanks for the reply Eric.
I agree that having 2 LDAPURLs is not the problem, because a configuration containing 2 LDAPURLs works if I replace my "require ldap-group" directives with a simple "require valid-user". But thanks for trying. Sent from Outlook<http://aka.ms/weboutlook> ________________________________ From: Eric Covener <[email protected]> Sent: Wednesday, July 5, 2017 12:20 PM To: [email protected] Subject: Re: [users@httpd] Apache configuration for multi-domain, multi-group access On Wed, Jul 5, 2017 at 3:18 PM, Eric Covener <[email protected]> wrote: > On Wed, Jul 5, 2017 at 3:04 PM, Un Spammable <[email protected]> wrote: >> I've looked at many other discussions of similar configurations, and tried >> many suggestions I found there, but they have not helped. However I have not >> found any samples that use multiple ldap-groups located in different >> domains. > > I don't have a solution, but I see in my notes that I once wrote that > you couldn't use two AuthLDAPURL's in 1 section even when you hide > them behind <AuthNProviderAlias> > > The reason is likely that the LDAP server details are owned by > mod_ldap config, but AuthNProviderAlias only creates a custom config > for the actual authentication provider, mod_authnz_ldap. Ignore this, totally wrong. I think what I am misremembering is that if you do this for authentication, it won't still be present for authorization (require) -- Eric Covener [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
