Eric - Thanks for the response, i do see how the multiple requires act as an OR statement. The only issue that i am facing now is the scenario I mentioned above, will apache not let me do something like:
<Directory /data/folder> #SetHandler fastcgi-script Options ExecCGI FollowSymLinks AllowOverride None AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthName "Secret" AuthLDAPURL "ldap:// test.mydomain.com:3268/DC=mydomain,DC=internal?sAMAccountName?sub?(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=internal)" NONE AuthLDAPBindDN "CN=aduser,OU=ENT SERVICE ACCOUNTS,DC=mydomain,DC=internal" AuthLDAPBindPassword mysupersecretpassword Require ldap-group CN=users,OU=ENT SECURITY GROUPS,DC=mydomain,DC=internal </Directory> <Directory /data/folder/projects/a> #SetHandler fastcgi-script Options ExecCGI FollowSymLinks AllowOverride None AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthName "Secret" AuthLDAPURL "ldap:// test.mydomain.com:3268/DC=mydomain,DC=internal?sAMAccountName?sub?(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=internal)" NONE AuthLDAPBindDN "CN=aduser,OU=ENT SERVICE ACCOUNTS,DC=mydomain,DC=internal" AuthLDAPBindPassword mysupersecretpassword Require ldap-group CN=users,OU=ENT SECURITY GROUPS,DC=mydomain,DC=internal Require ldap-group CN=contractors,OU=ENT SECURITY GROUPS,DC=mydomain,DC=internal </Directory> It appears if i try to access http://projects/a, using the contractor user it doesn't take the authentication, almost like apache is only considering the Directory state of /data/folder, and ignoring completely my 2nd Directory statement. I get an error in my logs of: [Thu Apr 04 18:22:17 2013] [error] [client 10.0.0.10] access to /projects/a/ failed, reason: require directives present and no Authoritative handler. Anyways thanks for your response.. I am trying to figure out how Apache deals with multiple directory statements inside the same directory tree. Devin On Thu, Apr 4, 2013 at 5:11 PM, Eric Covener <cove...@gmail.com> wrote: > > > > I just wanted to see if i could give multiple groups access to the same > > folder but when i try to do that Apache stops prompting for a password > and > > authentication breaks all together. > > "Satisfy any" means either authorization (Require) or host-based > access control is required. You didn't configure any of the latter, so > access is granted. > > > > > So question I have two fold, first is it not possible to allow multiple > > groups with mod_authnz_ldap to the same folder and use Satisfy any?? So > even > > if i get the multiple group authentication working, is it going to be > > possible to say give permission with Apache / LDAP like i have explained > > below? > > Multiple requires in 2.2 are OR'ed together. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
