LinuxQuestions.org
05-25-2011, 09:04 AM   #1
AlucardZero
Apache authentication: allow LDAP group OR user named guest, but not all LDAP users


Hi,

I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well. I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.

This is the common part:
Code:
    AuthType Basic
    AuthBasicProvider ldap anon
    Order allow,deny
    Allow from all
This part by itself works for the LDAP authentication:
Code:
    AuthName "System Admins"
    AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
    Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
    Anonymous guest
    Anonymous_VerifyEmail Off
    Anonymous_MustGiveEmail Off
    Anonymous_LogEmail on
    Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work.

If I throw in a "Satisfy any", then I am not prompted for a username at all.

How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?

Last edited by AlucardZero; 05-25-2011 at 09:06 AM.
 
05-25-2011, 03:21 PM   #2
AlucardZero
Original Poster
Add:
Code:
AuthzLDAPAuthoritative off
Remove:
Code:
Require valid-user
Add:
Code:
Require user guest
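
The three changes from post #2 applied to the blocks from post #1, assembled into one container. This is an added example, not part of the original posts; the `<Location /rackmonkey>` path is an assumption, and the comments describe Apache 2.2 behaviour.

```apache
# Added example, Apache 2.2 syntax. The <Location> path is hypothetical.
<Location /rackmonkey>
    AuthType Basic
    AuthName "System Admins"
    # Authentication: LDAP is tried first, then mod_authn_anon for "guest".
    AuthBasicProvider ldap anon
    Order allow,deny
    Allow from all

    AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
    # Without this, a failed LDAP authorization check ends the request with
    # a 401, so "guest" (who has no LDAP entry) is rejected. With it off, the
    # decision falls through to the other authorization modules, here
    # mod_authz_user.
    AuthzLDAPAuthoritative off

    # mod_authn_anon: the user ID "guest" is accepted with any password,
    # including an empty one (Anonymous_MustGiveEmail Off). Whatever is typed
    # as the password is written to the error log (Anonymous_LogEmail on).
    Anonymous guest
    Anonymous_VerifyEmail Off
    Anonymous_MustGiveEmail Off
    Anonymous_LogEmail on

    # Authorization: either requirement is sufficient.
    Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
    Require user guest
    # "Require valid-user" is left out on purpose: combined with
    # AuthzLDAPAuthoritative off it would admit every user who can
    # authenticate against LDAP, not only members of the SysAdmins group.
</Location>
```

Since the guest login accepts any password, read-only access is effectively open to anyone who can reach the site; the `Allow from all` line is where that reach would be narrowed.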
 
  


All times are GMT -5.
