mod_auth_ldap

Hi everyone!!
I am using this modue to auth the users thru an LDAP server, but know i have
more users in another LDAP server for another domain, does anyone knows how
to do this?
This is my config now:
<Directory "/opt/globant/mediawiki-1.6.9-infra">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
AuthName "Infra Login Users"
AuthType Basic
AuthLDAPURL ldap://
10.90.0.2/DC=com?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN "ACCF165\ldapusr"
AuthLDAPBindPassword "globant25k"
AuthType Basic
Require group cn=wiki_acc_usrs,OU=People,DC=accendra,DC=com
Satisfy Any

</Directory>

I'm not sure I am understanding your question:

By "for another domain", do you mean another "site" ? If so, use
<VirtualHost> to define each domain and use the appropiate LDAP server
for each one.

If you want to authenticate users against two unrelated LDAP domains,
then you may look if there is a way to specify multiple servers in the
authLDAPUrl directive. I think this is not possible.


________________________________

From: Juan Pablo Roig [mailto:juan.pablo.roig@gmail.com]
Sent: Monday, October 27, 2008 10:05 PM
To: users@httpd.apache.org
Subject: [users@httpd] mod_auth_ldap


Hi everyone!!
I am using this modue to auth the users thru an LDAP server, but know i
have more users in another LDAP server for another domain, does anyone
knows how to do this?
This is my config now:
<Directory "/opt/globant/mediawiki-1.6.9-infra">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
AuthName "Infra Login Users"
AuthType Basic
AuthLDAPURL
ldap://10.90.0.2/DC=com?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN "ACCF165\ldapusr"
AuthLDAPBindPassword "globant25k"
AuthType Basic
Require group
cn=wiki_acc_usrs,OU=People,DC=accendra,DC=com
Satisfy Any

</Directory>

Yes the question is: two diferents ldaps.
I've solved this issue with mod_authnz_external
Thanks

2008/10/30, Jorge Medina <jmedina@e-dialog.com>:
> I'm not sure I am understanding your question:
>
> By "for another domain", do you mean another "site" ? If so, use
> <VirtualHost> to define each domain and use the appropiate LDAP server
> for each one.
>
> If you want to authenticate users against two unrelated LDAP domains,
> then you may look if there is a way to specify multiple servers in the
> authLDAPUrl directive. I think this is not possible.
>
>
> ________________________________
>
> From: Juan Pablo Roig [mailto:juan.pablo.roig@gmail.com]
> Sent: Monday, October 27, 2008 10:05 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] mod_auth_ldap
>
>
> Hi everyone!!
> I am using this modue to auth the users thru an LDAP server, but know i
> have more users in another LDAP server for another domain, does anyone
> knows how to do this?
> This is my config now:
> <Directory "/opt/globant/mediawiki-1.6.9-infra">
> Options Indexes FollowSymLinks
> AllowOverride None
> order allow,deny
> AuthName "Infra Login Users"
> AuthType Basic
> AuthLDAPURL
> ldap://10.90.0.2/DC=com?sAMAccountName?sub?(objectClass=user)
> AuthLDAPBindDN "ACCF165\ldapusr"
> AuthLDAPBindPassword "globant25k"
> AuthType Basic
> Require group
> cn=wiki_acc_usrs,OU=People,DC=accendra,DC=com
> Satisfy Any
>
> </Directory>
>
>

--
Enviado desde mi dispositivo móvil

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Fri, Oct 31, 2008 at 5:16 AM, Oliver Marshall
<Oliver.Marshall@g2support.com> wrote:
> Hi chaps,
>
> I have the following code setup in an apache config file to restrict
> access to trac sites on the server via LDAP group membership.
>
> ***************************
> <Location /url/to/page>
> SetHandler mod_python
> PythonInterpreter main_interpreter
> PythonHandler trac.web.modpython_frontend
> PythonOption TracEnv /trac/environ/site
> PythonOption TracUriRoot /url/to/page
>
> AuthName "Authentication"
>
> AuthType Basic
> AuthBasicProvider ldap
>
> AuthzLDAPAuthoritative on
>
> AuthLDAPBindDN "CN=LDAP USER,CN=Users,DC=mydomain,DC=local"
> AuthLDAPBindPassword passwordgoeshere
> AuthLDAPURL
> "ldap://ldapserver.mydomain.local:389/DC=mydomain,DC=local?sAMAccountNam
> e?sub?(objectCla ss=*)" NONE
> AuthLDAPGroupAttributeIsDN on
> require ldap-group CN=testgroup,OU=Security Groups,OU=My
> OU,DC=mydomain,DC=local
>
> Require valid-user
> </Location>
> ****************************
>
> This works fine, with one slight exception. When we change the
> membership of the ldap group (in active directory on a windows box), we
> have to restart Apache on the linux box. A reload doesnt work, it has to
> be a restart. If we dont, then the changes to the group aren't
> recognised. It's as though the membership of the group is cached on the
> linux box and that cache is never updated.
>

Should last 10 minutes in the cache by default:

http://httpd.apache.org/docs/2.2/mod...l#ldapcachettl
http://httpd.apache.org/docs/2.2/mod...ldapopcachettl


--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org