Greetings!
In testing mod_authz_dbd it seems that the if a user is a member of a
*single* group the following Authz directives work properly:
Require dbd-group faculty
AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
AuthzDBDQuery "SELECT grp FROM groups WHERE user = %
However, when the user is a member of *multiple* groups [faculty &
staff] the Authz directives always fail returning an access denied:
Require dbd-group faculty staff dean alumni
AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
AuthzDBDQuery "SELECT grp FROM groups WHERE user = %
[likewise this also doesn't work]
Require dbd-group faculty staff dean alumni
AuthDBDUserPWQuery "SELECT pw FROM auth where user =%"
AuthzDBDQuery "SELECT grp FROM groups WHERE user = % AND (grp =
'faculty' OR grp ='staff'')"
[I'm using the following in my httpd.conf]
DBDDriver mysql
DBDParams "host=localhost dbname=dbase user=xxx pass=xxx"
DBDMin 1
DBDKeep 2
DBDMax 10
DBDExptime 60
<directory /usr/local/apache2/htdocs/grouptest>
AllowOverride none
AuthType basic
AuthName "Mysql Groups"
AuthBasicProvider dbd
AuthUserFile /dev/null
plus any one of the above sets of directives
</directory>
* It could be that authz is working as intended - one user can only
belong to one group?
* Apache logs set to debug just returns "user is denied access to
/grouptest"
* The mysgl.logs display the prepared sql statements
* I'm using a new build of apr-1.3.3 & apr-util-1.3.4
* I'm using mod_authz_dbd.c & mod_authz_dbd.h found at:
http://people.apache.org/~niq
* I'm using apache 2.2.11; mysql 5.1.31; OSX 10.5.6
Thanks for your help,
-bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org