Re: [us...@httpd] Apache + LDAP + DAV + homes without ~
Great! I understand your idea. Thanks a lot! Saxa El 08/08/2010 13:29, Stefano Sasso escribió: 2010/8/3 Saxa Egeas...@saxa.dyndns.org: Dear all, I have compiled a httpd 2.2.16 with LDAP and DAV support running over SuSE linux. I'm trying to create a ftp like server through mod_dav. The authentication is made to a LDAP directory. I want to access with URL's like: http://servername/user1000/ http://servername/user1001/ http://servername/user1002/ And just the user1000 should be able to access the user1000 directory, the user1001 its own user1001 directory, etc. I don't want to create a dedicated rule for each user/directory. And I don't want to use the ~ at the beginning of the URL. I resolved a problem like this using only servername, without the /user1001. I have a virtualhost dav.mydomain.com with DAV enabled for read-write access, and a virtualhost, web.mydomain.com for read-only access, without DAV. (the r-o access from web.mydomain is in web.mydomain/user123 format). The dav.mydomain configuration is like this: VirtualHost 192.168.17.124 ServerName dav.gnustile.lan ServerAlias dav.* DocumentRoot /srv/web Directory /srv/web DAV On Options Indexes Options +FollowSymLinks AllowOverride None AuthType Basic AuthName WebDAV AuthUserFile /etc/apache2/vhost.dav require valid-user /Directory RewriteEngine On RewriteCond %{REQUEST_URI} !^/icons/ RewriteRule ^/(.*) /srv/web/%{LA-U:REMOTE_USER}/$1 Location /icons LimitExcept GET deny from all /LimitExcept /Location # ... /VirtualHost bye, stefano - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [us...@httpd] Apache + LDAP + DAV + homes without ~
2010/8/3 Saxa Egea s...@saxa.dyndns.org: Dear all, I have compiled a httpd 2.2.16 with LDAP and DAV support running over SuSE linux. I'm trying to create a ftp like server through mod_dav. The authentication is made to a LDAP directory. I want to access with URL's like: http://servername/user1000/ http://servername/user1001/ http://servername/user1002/ And just the user1000 should be able to access the user1000 directory, the user1001 its own user1001 directory, etc. I don't want to create a dedicated rule for each user/directory. And I don't want to use the ~ at the beginning of the URL. I resolved a problem like this using only servername, without the /user1001. I have a virtualhost dav.mydomain.com with DAV enabled for read-write access, and a virtualhost, web.mydomain.com for read-only access, without DAV. (the r-o access from web.mydomain is in web.mydomain/user123 format). The dav.mydomain configuration is like this: VirtualHost 192.168.17.124 ServerName dav.gnustile.lan ServerAlias dav.* DocumentRoot /srv/web Directory /srv/web DAV On Options Indexes Options +FollowSymLinks AllowOverride None AuthType Basic AuthName WebDAV AuthUserFile /etc/apache2/vhost.dav require valid-user /Directory RewriteEngine On RewriteCond %{REQUEST_URI} !^/icons/ RewriteRule ^/(.*) /srv/web/%{LA-U:REMOTE_USER}/$1 Location /icons LimitExcept GET deny from all /LimitExcept /Location # ... /VirtualHost bye, stefano -- Stefano Sasso http://stefano.dscnet.org/ - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[us...@httpd] Apache + LDAP + DAV + homes without ~
Dear all, I have compiled a httpd 2.2.16 with LDAP and DAV support running over SuSE linux. I'm trying to create a ftp like server through mod_dav. The authentication is made to a LDAP directory. I want to access with URL's like: http://servername/user1000/ http://servername/user1001/ http://servername/user1002/ And just the user1000 should be able to access the user1000 directory, the user1001 its own user1001 directory, etc. I don't want to create a dedicated rule for each user/directory. And I don't want to use the ~ at the beginning of the URL. I have tried: --- AliasMatch ^/user(.[0-9])/(.*) /home/user$1/$2 DirectoryMatch /user(.[0-9])/(.*) DAV on Order Allow,Deny Allow from All AuthType Basic AuthName LDAP Auth AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPURL ldap://LDAPSERVER:389/o=LDAPBASE?userid?sub?(objectClass=Person) NONE AuthLDAPBindDN cn=LDAPUSER,o=LDAPBASE AuthLDAPBindPassword LDAPPASSWD /DirectoryMatch --- This is working fine until I try to limit the user user$1 to access the user$1 directory (example: user1000 is trying to access to the user1000 directory). I'm trying with the require user user$1. But it is not processed, it thinks is user$1, not user1000 user. I have also tried to user the require valid-user. But once you are authenticated then you can change the URL to any other directory. I have also tried to set and env (SetEnv UserID...) but it is not working too. Is there any solution for that? Any Idea? Thanks in advance Saxa - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org