LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-24-2014, 07:11 AM   #1
ngiw2012
LQ Newbie
 
Registered: Jun 2014
Posts: 13

Rep: Reputation: Disabled
How to do different authorization to different users in Apache ?


I want different Authorization for internal users and external Users:

For internal Users : Require IP IP_Address

for External Users: authorization using LDAP

How can I achieve this?

I try to use different Require tag like this:

<Directory /var/www/html/directory>
AuthName "LDAP Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPauthoritative off
AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
Require valid-user
Order deny,allow
Allow from 192.168.1
Satisfy any
Require ip 192.168.1.2
</Directory>

the LDAP authorization work fine, but ALL the users with IP 192.168.1.x can reach this directory even with this rule ( Require ip 192.168.1.2) ??? why other IPs can do this even I allow only 192.168.1.2 using Require(Require ip 192.168.1.2)???
 
Old 07-24-2014, 08:50 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,176
Blog Entries: 1

Rep: Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043Reputation: 2043
Quote:
ALL the users with IP 192.168.1.x can reach this directory even with this rule ( Require ip 192.168.1.2) ??? why other IPs can do this even I allow only 192.168.1.2 using Require(Require ip 192.168.1.2)???
This is because of the "Satisfy any" directive. With this option apache authorizes users by one of the 3 possible ways: by Authldap, by the "Allow from...", or at last by the "Require ..." options.
You should remove the "Allow from 192.168.1" and change Order to:
Code:
Order allow,deny
Regards
 
Old 07-24-2014, 09:08 AM   #3
ngiw2012
LQ Newbie
 
Registered: Jun 2014
Posts: 13

Original Poster
Rep: Reputation: Disabled
Thanks for your reply.
 
  


Reply

Tags
apache authentication, apache2


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Apache authentication and authorization using LDAP LXer Syndicated Linux News 0 10-31-2007 03:50 PM
apache, MySQL and authorization gw1500se Mandriva 4 04-11-2007 04:46 PM
Apache question....authorization and multiple servers geekdevil Linux - Software 3 01-13-2005 02:11 PM
Apache authorization Sherpa Linux - Software 4 04-25-2004 10:38 AM
Help with Apache 1.3 and Proxy-Authorization registering Linux - Security 2 09-16-2003 01:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration