Using Apache 2.2.14 on Ubuntu 10.04, I am trying to protect a folder with LDAP authentication. Our LDAP server is running Novell eDirectory.
All our users are in subgroups of ou=Users,ou=Directory,o=IC. Like this:
- ou=Managers,ou=Users,ou=Directory,o=IC
- ou=Employees,ou=Users,ou=Directory,o=IC
- ou=Misc,ou=Users,ou=Directory,o=IC
- ou=Outsiders,ou=Users,ou=Directory,o=IC
I want all of ou=Users,ou=Directory,o=IC to be able to access my folder, except those in ou=Outsiders,ou=Users,ou=Directory,o=IC.
I can get into my folder with my LDAP login information using the following settings, but it doesn't block users in the Outsiders group:
AuthName "Login Required: please enter your L-number and PIN"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL ldaps://ldap.example.com/ou=Users,ou=Directory,o=IC?cn?sub?(objectclass=Person)
Require ldap-filter (|(cn=*,ou=Managers,ou=Users,ou=Directory,o=IC)(cn=*,ou=Employees,ou=Users,ou=Directory,o=IC)(cn=*,ou=Misc,ou=Users,ou=Directory,o=IC))
AuthLDAPBindDN cn=binder,ou=Admin,ou=Directory,o=IC
AuthLDAPBindPassword password
I've tried:
- Require valid-user
- Various AuthLDAPURLs
- Require ldap-group for only the groups I want.
- Other searches for the Require ldap-filter, like not having "cn=*" in it.
Everything either doesn't let me in, throws a 500 error, or lets members of ou=Outsiders,ou=Users,ou=Directory,o=IC in.
So, how do I keep members of ou=Outsiders,ou=Users,ou=Directory,o=IC out of my folder?
Assuming that I have 2 groups with the following structure:
You can list all users either in IT or in HR department by executing:
So, you should try with ldapsearch from the command line first. If it works, edit the mod_authz_ldap configuration file as below:
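As an added example (not part of the question or this answer), the access policy the question describes, written as a small Python checker you can run over the DNs that ldapsearch returns to confirm who would be admitted: any entry under ou=Users,ou=Directory,o=IC except the ou=Outsiders subtree. Note that a standard LDAP filter such as (cn=*,ou=Managers,...) compares the literal string against cn values, not against the entry's position in the tree, which is why a DN-suffix check like this one is the thing to reproduce. The DN strings and sample entries below are constructed; escaped commas inside values are handled, other escapes are not.

```python
import re
from typing import Dict, Iterable, List

# Policy taken from the question: allow the Users subtree, deny the Outsiders subtree.
ALLOWED_BASE = "ou=Users,ou=Directory,o=IC"
DENIED_SUBTREES = ["ou=Outsiders,ou=Users,ou=Directory,o=IC"]


def parse_dn(dn: str) -> List[str]:
    """Split a DN into normalised RDNs: split on unescaped commas only,
    strip whitespace around attribute and value, lower-case both so that
    'CN=Bob, OU=Users' and 'cn=bob,ou=users' compare equal."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return rdns


def is_under(dn: str, base: str) -> bool:
    """True if dn lies in the subtree rooted at base (base itself included)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b


def access_allowed(user_dn: str,
                   allowed_base: str = ALLOWED_BASE,
                   denied: Iterable[str] = DENIED_SUBTREES) -> bool:
    """Deny wins: an entry inside any denied subtree is refused even though it
    also sits under the allowed base; everything else must be under the base."""
    if any(is_under(user_dn, d) for d in denied):
        return False
    return is_under(user_dn, allowed_base)


def audit(dns: Iterable[str]) -> Dict[str, bool]:
    """Map each DN (e.g. one 'dn:' line per ldapsearch result) to the decision."""
    return {dn: access_allowed(dn) for dn in dns}


# Constructed sample DNs covering each subtree plus an entry outside the base.
SAMPLE_DNS = [
    "cn=jdoe,ou=Managers,ou=Users,ou=Directory,o=IC",
    "cn=Smith\\, J,ou=Employees,ou=Users,ou=Directory,o=IC",
    "CN=Bob, OU=Outsiders, ou=Users, ou=Directory, o=IC",
    "cn=binder,ou=Admin,ou=Directory,o=IC",
]

if __name__ == "__main__":
    for dn, ok in audit(SAMPLE_DNS).items():
        print("ALLOW" if ok else "DENY ", dn)
```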