-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
(Running Apache 2.2.22 with Debian patches) I've got some services that use LDAP for authentication. One specific service is our Nagios monitor. When the LDAP service is down, we get notifications that (duh) it's down, but because Nagios uses LDAP for authentication, we can't login to the monitoring console to ACK the erro r. So I'd like to set up a fall-back for one or two users to allow them to do this kind of thing for this specific circumstance. This is what I have right now for LDAP auth: AuthType Basic AuthBasicProvider ldap Require ldap-group cn=nagios,ou=groups,dc=my-dc At first, I was thinking of modifying the above to something like this: AuthType Basic AuthBasicProvider ldap file Require ldap-group cn=nagios,ou=groups,dc=my-dc Require valid-user ## Multiple REQUIREs will allow any matching criterion The problem with the above is that ldap-group will require a group only from ldap, but valid-user would allow ANY USER from the LDAP server, so I would no longer be able to get my LDAP group requirement to apply. Is there any way to combine these two authentication mechanisms (ldap, file) such that I can require an ldap-group for the LDAP users and a valid-user ONLY FROM THE FILE? I'm fairly confident that I could do this with a backup LDAP server (even on localhost with only a few users ... or a complete backup if I wanted) but that's a lot of infrastructure to set up for what I was hoping could be a quick-and-dirty fall-back solution. Any ideas? Thanks, - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJXued+AAoJEBzwKT+lPKRYQ4YP/RInLuiAgmh9vNcTJtLMOg/H HbGYJ2+3wnzNJVVIanSDHdBwMM9xTGfRU20whKV2pXOuQI1VTBbVnv+liDOcmse6 lUOpYJyr8QB/mkx+Je77ICJnemd+TZiHJwnGHJPplJxT2jQXOlFMv9b+tBql9fNd tPiTjKlN5wiWEJEvKnWpPmeGnqys9ZP6pOnUAPtWU8HDPyEiof0cgtwikwx4b6Gx +RYuP+qNa60UcKq1hY0trqLR+9GTSmsdsx5LUXFNwXAZoqy5ltLis+/RFsz5ZIvw 03deeqhLR2xYUaekcKecnJ6Zk5M5beGt7elEpwG+YqKxLNXlmjOoNGpYllh5sSIq 1yLjwayjyyIcjnOguN3S7qZl3Ybaw3Oh0lOxSH4Jmx4LjgOGlFcZc1JqO7YwtF2C RMvOUuH8830ZGFEZEC1Xb466+KUc/3xuj7I3uRA2Vkjf8htA0pX7xp3ZUrb8RGkx t+3rg1cwn/wk5UC8nZUybhzDrbgbv2dJoobC4ZkUTVfhyGKI4aluwuCBYoPYjzlc 76EHk3NF3vlyCrx8uoeWHH2ElN8kbt9n4jH5zP3WuvBPRx7Bn1EDNLysFGHUjAur WDfPzfg12iFg8bX9pR6AEweZVsGkmpXBd6kO0FgnC2imVtitCvHpGjYqMsUDxnj7 bL9Uu5ui7jPOpE0i+6gu =HHir -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
