I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
AuthBasicProvider ldap anon
Allow from all
This part by itself works for the LDAP authentication:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
But if I have both of the previous blocks enabled at once, then guest access does not work.
If I throw in a "Satisfy any", then I am not prompted for a username at all.
How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?