Re: [users@httpd] httpd reverse proxy pass username per http_header

2015-01-19 Thread Thomas Peter
the trick. KR Thomas On 2015-01-18 17:29, Thomas Peter wrote: Hi, I'm trying to put httpd as reverse-proxy in front of a third party java application (running in tomcat) to handle authentication in httpd. The thirdparty app claims to be able to accept the user (that is authenticated before

[users@httpd] httpd reverse proxy pass username per http_header

2015-01-18 Thread Thomas Peter
Hi, I'm trying to put httpd as reverse-proxy in front of a third party java application (running in tomcat) to handle authentication in httpd. The thirdparty app claims to be able to accept the user (that is authenticated before it hits the app) via http header (I can configure the http variab

RE: [us...@httpd] Rails, fcgid and environment variables

2010-06-17 Thread Thomas, Peter
With Rails & phusion -- and thus likely with fcgid -- the environment variables you are seeing are likely what was in the Apache subprocess when your persistent Rails or--more generally--fcgid--process was spawned. To be safe, I suggest you clear them during Ruby initialization, to avoid confusion

RE: [us...@httpd] Incorrect conversion of UTF-8 characters comming from X.509 certificates, please help

2010-05-05 Thread Thomas, Peter
This may help you; I patched mod_ssl to retrieve the certificate DN in RFC2253 [LDAP-compliant] format, instead of the deprecated method currently used: --- http-2.2.15-baseline/modules/ssl//ssl_engine_vars.c Sat Feb 27 16:00:58 2010 --- http-2.2.15/modules/ssl//ssl_engine_vars.c Tue Mar 23 14:2

RE: [us...@httpd] How do I require more than one Require ldap-* directive match?

2010-04-06 Thread Thomas, Peter
ge- > From: Eric Covener [mailto:cove...@gmail.com] > Sent: Tuesday, April 06, 2010 3:57 PM > To: users@httpd.apache.org > Subject: Re: [us...@httpd] How do I require more than one > Require ldap-* directive match? > > On Tue, Apr 6, 2010 at 1:50 PM, Thomas, Peter &

RE: [us...@httpd] How do I require more than one Require ldap-* directive match?

2010-04-06 Thread Thomas, Peter
s to "present" one ldap-* require line at a time, then aggregating the results into a single return value. I've seen some pretty subtle tricks from all of you--I'm hoping that someone out there has a better option than building up a new provider. --Pete __

[us...@httpd] How do I require more than one Require ldap-* directive match?

2010-04-06 Thread Thomas, Peter
How do I configure mod_authnz_ldap to require that I meet multiple authorization conditions [i.e. user must be a member of an LDAP group AND also possess one or more attributes]. As it is, the code returns "OK" as soon as the first "Require ldap-*" directive succeeds, short-circuiting subsequent re

RE: [us...@httpd] Finally resolved: RHEL5, Apache 2.2.15, mod_authnz_ldap.c -- applies to Solaris, too

2010-03-18 Thread Thomas, Peter
This doesn't apply only to RHEL5. Add "--with-ldap-lib=/lib and --with-ldap-include=/include" if you want to use OpenLDAP instead of the Solaris LDAP SDK. On Solaris, if you omit these options, the configure script for apr-util will pick up the Solaris LDAP SDK. > -Original Message- > Fr

Re: [us...@httpd] How to map http://www.myaddress.com to http://www.myaddress.com:8000 ?

2010-02-28 Thread Thomas, Peter
No, there isn't. There are--or were--providers like dyndns that would also do port and server re-mapping in addition to dynamic DNS aliasing. Mike Hagerty wrote: Hello. Forgive me if this has been handled in the Archives. I've tried searching different key words but I haven't found anything. I

RE: [us...@httpd] Controlling which handlers run, and when

2010-02-25 Thread Thomas, Peter
Eric Covener replied: >That doesn't seem possible, as mod_authnz_ldap doesn't hook access_checker (and access_checker is before e.g. mod_auth_basic can even perform authn -- how can you do authz if you don't know who the user is?) And yet it moves...see log excerpt below... The only other possibi

RE: [us...@httpd] Controlling which handlers run, and when

2010-02-25 Thread Thomas, Peter
fect of an extra, useless LDAP query with a blank filter. How do I instruct Apache to remove mod_authnz_ldap's authorization handler from the access phase, while leaving it in for authorization? Warmly, --Pete ________ From: Thomas, Peter [mailto:ptho...@hpti.

RE: [us...@httpd] Help needed to set correct permissions

2010-02-04 Thread Thomas, Peter
>Thanks, this worked. But is this the best way to do it, though? Is it possible to make the www folder traversable only by the apache user/group and not *all* users? The users on my box are trusted so it's not a big deal but I'm just trying to understand best practices used for security. Run:

RE: [us...@httpd] Help needed to set correct permissions

2010-02-04 Thread Thomas, Peter
Just a stylistic note, I'm a great believer in the "find" command, but in this case I believe it is more readable to do something like this: # First, make sure the home directory is traversable by all users chmod a+x /home/somebody # Then, make sure NO files are executable under /home/somebody/ww

RE: [us...@httpd] Combining the best of mod_rewrite and mod_proxy

2010-02-02 Thread Thomas, Peter
It seems that coercing all your URLs to lower case is one option. This is a bit brute-force, and assumes that you have no valid upper-case URLs! That said, perhaps you could add a rule as follows: RewriteMap lower int:tolower RewriteRule ^/(.*) /${lower:$1} --Pete -Original Message- Fr

[us...@httpd] Configuring mod_authnz_ldap to search & compare using server's credentials, not users'

2010-01-27 Thread Thomas, Peter
I have a situation where presentation of an X.509 certificate by a user in two-way SSL is considered authoritative for identification purposes, however I need to use the directory for attribute and authorization information. The LDAP server expects me to bind via my server certificate with two-way