Re: "require group" & LDAP Authentication

From: Adam <techy4hire_at_yahoo.com>
Date: 2005-07-13 00:35:59 CEST

Here is my setup (which works):

# We will use OpenLDAP Authentication
AuthName "T3 Subversion Repositories"
AuthType Basic
AuthLDAPAuthoritative on
AuthLDAPEnabled on
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute memberUid
AuthLDAPUrl
ldap://localhost:389/ou=users,o=COMPANY?uid

# Only system administrators need access here.
Require group cn=system-admins, ou=groups, o=COMPANY

To give you an idea of what my LDAP directory looks
like (very simple), here is a group entry:

#################################################################
# Create the system-admins objectClass: posixGroup
#################################################################
dn: cn=system-admins,ou=groups,o=COMPANY
objectClass: posixGroup
objectClass: top
cn: system-admins
gidNumber: 300
description: This group will have privs to access
system config repos.
memberUid: uid=FIRST.LAST,ou=users,o=COMPANY

--- hkatz@iscs-i.com wrote:

> Hello,
> Has anyone successfully gotten the require group
> directive to work against
> an LDAP URL using the config file setup under
> apache2? Something like this:
>
> AuthLDAPUrl
>
"ldap://mx.foo.com:1389/dc=foo,dc=com?uid?sub?(objectCla
> ss=*)"
> AuthLDAPGroupAttributeIsDN On
> AuthLDAPGroupAttribute member
> AuthLDAPGroupAttribute uniquemember
> #Require valid-user
> Require group "cn=foo Portal
> AD,ou=Groups,ou=Pr,dc=foo,dc=com"
>
> When I try to connect it allows anyone access even
> those not in the group.
>
> Strace on the pid suggests that no group info is
> sent upon apache2 startup
> or upon the http request. Any successes out there?
>
> Thanks,
> Henry
>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail:
> users-help@subversion.tigris.org
>
>

===== START SIGNATURE =====
Kites rise highest against the wind -- not with it.
-- Winston Churchill

It is better to be hated for what you are than loved for what you are not.
- Andre Gide

If you always do what you've always done you'll always be where you've always been.
-- Bill Purvis;
http://www.cascadehills.com/events/sermons.asp

Blog: http://blogs.whyaskwhy.org/deoren/
===== END SIGNATURE =====

____________________________________________________
Sell on Yahoo! Auctions – no fees. Bid on great items.
http://auctions.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 13 01:07:25 2005

This message: [ Message body ]
Next message: Stephen Webb: "update over ssh on WC checked out with svn://"
Previous message: Nick Zisk: "SuSe 9.0 ent package install help."
In reply to: hkatz_at_iscs-i.com: ""require group" & LDAP Authentication"
Next in thread: hkatz_at_iscs-i.com: "Re: "require group" & LDAP Authentication"
Reply: hkatz_at_iscs-i.com: "Re: "require group" & LDAP Authentication"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]