Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I don't know if this is the right forum to put this in, but if I'm wrong, please move this post! Okay, what I am trying to do is authenticate users through LDAP to access a page on Apache. My config works to a certain degree, but I need more "require" statements. Here's my httpd.conf:
The problem I'm having is that if I use anything other than fakeuser, then authentication fails, even if the user is part of the ldap-group LabTechs. This is because only one query is made: the require ldap-user statement. After this statement is denied, it doesn't check the ldap-group statement. Is there any way I could make this work, or have multiple require statements? I would prefer not to have to put the username and the group into another group, because it seems inconvenient by comparison.
I should note that this config DOES work for me, but it only authenticates the fakeuser, not the LabTechs group.
I guess I worded that a little weird, but what I was trying to say is that the reason I need both those statements is because that user isn't part of that group, and I would like to not have to put fakeuser and Labtechs in the same group.
Thanks for the response though! Any more suggestions?
Thanks bathory, your help is very much appreciated! I couldn't read that documentation well; I had looked at it before, but I think that might work.
However, I can't test that until Monday, and I'm wondering if I would be able to put the exact path to the OU Labtechs since it's not in the same location as the LDAP URL? Either that or I guess I need to change the LDAP URL to something higher up on the tree so I can search differently. There's supposed to be a way that I can search recursively, but I don't understand the objectclass things and the search filters. I also learned I need to include a third group, which I'll call Fake_Admins. Here's a better view of how the tree looks