Hi,
We are working on a new intranet page for our office and I'm having trouble 
getting one specific thing working. 

Our old intranet was strictly static content in file system directories and 
permissions were set exclusively on directories.   Unfortunately even though 
this is a new development, I'm currently stuck on Apache 2.2 on CentOS 6.  

This works on the old one (Apache 2.2 on Solaris 11):
  <Directory /data/www-root/intranet>
    AuthType cas
    AuthLDAPURL ldap://ctg-ldap/o=ncic-ctg?uid?sub
    AuthzLDAPAuthoritative on
    require ldap-group cn=.all-users,ou=Groups,o=ctg.queensu.ca,o=ncic-ctg
  </Directory>
  
  <Directory /data/www-root/intranet/restricted>
    AuthType cas
    AuthLDAPURL ldap://ctg-ldap/o=ncic-ctg?uid?sub
    AuthzLDAPAuthoritative on
    require ldap-group cn=.restricted-group,ou=Groups,o=ctg.queensu.ca,o=ncic-ctg
  </Directory>


The issue is that the new one is using a CMS and we are hoping to restrict access 
based on Locations, not Directory blocks.

My block is similar to the one below, but it doesn't seem to be taking effect.  It seems 
that because the user has access to that directory, it's passing on the Location 
restriction.  Am I doing something wrong?

This is running on Apache 2.2 on CentOS 7:
  <Directory /data/www-root/intranet2>
    AuthType cas
    AuthLDAPURL ldap://ctg-ldap/o=ncic-ctg?uid?sub
    AuthzLDAPAuthoritative on
    require ldap-group cn=.all-users,ou=Groups,o=ctg.queensu.ca,o=ncic-ctg
  </Directory>
  
  <Location /restricted>
    AuthType cas
    AuthLDAPURL ldap://ctg-ldap/o=ncic-ctg?uid?sub
    AuthzLDAPAuthoritative on
    require ldap-group cn=.restricted-group,ou=Groups,o=ctg.queensu.ca,o=ncic-ctg
  </Location>
