LinuxQuestions.org


AlucardZero 05-25-2011 09:04 AM

Apache authentication: allow LDAP group OR user named guest, but not all LDAP users
 
Hi,

I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.

This is the common part:
Code:

    AuthType Basic
    AuthBasicProvider ldap anon
    Order allow,deny
    Allow from all

This part by itself works for the LDAP authentication:
Code:

    AuthName "System Admins"
    AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
    Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com

This part works by itself for guest access:
Code:

    Anonymous guest
    Anonymous_VerifyEmail Off
    Anonymous_MustGiveEmail Off
    Anonymous_LogEmail on
    Require valid-user

But if I have both of the previous blocks enabled at once, then guest access does not work.

If I throw in a "Satisfy any", then I am not prompted for a username at all.

How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?

AlucardZero 05-25-2011 03:21 PM

Add:
Code:

    AuthzLDAPAuthoritative off

Remove:
Code:

    Require valid-user

Add:
Code:

    Require user guest
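
The configuration that results from applying the changes above to the blocks in the first post, assembled here as an added example (not part of the original posts). It assumes Apache 2.2 with mod_authnz_ldap, mod_authn_anon and mod_authz_user loaded; the `<Location /rackmonkey>` container is a hypothetical placeholder for wherever the directives already live.

```apache
# Added example for Apache 2.2; "/rackmonkey" is a hypothetical path.
<Location /rackmonkey>
    AuthType Basic
    AuthName "System Admins"

    # Authentication: try LDAP first, then the anonymous provider.
    AuthBasicProvider ldap anon
    AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL

    # mod_authn_anon accepts only the user name "guest".
    Anonymous guest
    Anonymous_VerifyEmail Off
    Anonymous_MustGiveEmail Off
    Anonymous_LogEmail on

    # Let other authorization modules (here mod_authz_user) decide
    # when the LDAP group check does not match.
    AuthzLDAPAuthoritative off

    # In 2.2, matching any one Require line is sufficient.
    Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
    Require user guest
    # "Require valid-user" is deliberately absent: it would match any
    # authenticated user, including LDAP users outside SysAdmins.

    Order allow,deny
    Allow from all
</Location>
```

To confirm the policy, log in as a SysAdmins member and as guest (both should be admitted), then as an LDAP user outside the group, who should be refused with a 401.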

