有我的configuration(httpd 2.4):
<AuthnProviderAlias ldap zzzldap> LDAPReferrals Off AuthLDAPURL "ldaps://ldap.zzz.com:636/o=zzz.com?uid?sub?(objectClass=*)" AuthLDAPBindDN "uid=zzz,ou=Applications,o=zzz.com" AuthLDAPBindPassword "zzz" </AuthnProviderAlias> <Location /svn> DAV svn SVNParentPath /DATA/svn AuthType Basic AuthName "Subversion repositories" SSLRequireSSL AuthBasicProvider zzzldap <RequireAll> Require valid-user Require ldap-attribute employeeNumber=12345 Require ldap-group cn=yyy,ou=Groups,o=zzz.com </RequireAll> </Location> Require valid-user是工作。 但是ldap-attribite,ldap-filter,ldap-group不起作用 – 在日志中一直denied 。 我花了很多时间,但不知道发生了什么。 这是我的日志的例子:
[Tue Sep 25 16:42:26.772006 2012] [authz_core:debug] [pid 23087:tid 139684003014400] mod_authz_core.c(802): [client 1.1.1.1:52624] AH01626: authorization result of Require valid-user : granted [Tue Sep 25 16:42:26.772014 2012] [authz_core:debug] [pid 23087:tid 139684003014400] mod_authz_core.c(802): [client 1.1.1.1:52624] AH01626: authorization result of Require ldap-attribute employeeNumber=12345: denied
我用ldapsearch检查了所有的信息:有一个有效的用户名,雇员ID和其他…
试试这个方法:
<AuthnProviderAlias ldap zzzldap> LDAPReferrals Off AuthLDAPURL "ldaps://ldap.zzz.com:636/o=zzz.com?uid?sub?(objectClass=*)" AuthLDAPBindDN uid=zzz,ou=Applications,o=zzz.com AuthLDAPBindPassword zzz </AuthnProviderAlias> <AuthzProviderAlias ldap-group ldap-group-yyy cn=yyy,ou=Groups,o=zzz.com> AuthLDAPURL "ldaps://ldap.zzz.com:636/o=zzz.com" AuthLDAPBindDN uid=zzz,ou=Applications,o=zzz.com AuthLDAPBindPassword zzz Require ldap-group cn=yyy,ou=Groups,o=zzz.com #Require ldap-attribute employeeNumber=12345 </AuthzProviderAlias> <Location /svn> DAV svn SVNParentPath /DATA/svn AuthType Basic AuthName "Subversion repositories" SSLRequireSSL AuthBasicProvider zzzldap <RequireAll> Require valid-user Require ldap-group-yyy </RequireAll> </Location>
我不确定“Require ldap-attribute employeeNumber = 12345”部分,但现在我的团队为我工作。