On Sat, 3 Dec 2022 at 20:39, Eric Covener <cove...@gmail.com> wrote:

Thanks for the speedy reply.

>
> On Sat, Dec 3, 2022 at 3:21 PM sebb <seb...@gmail.com> wrote:
> >
> > The documentation for AuthzProviderAlias [1] looks wrong.
> >
> > AFAICT including 'Require all granted' means that anyone can access
> > the directory.
> > This is borne out by my local testing.
>
> That is odd and should not be in the example, even in such a contrived one.

Should I raise a bug then?

> > If I remove the Require line, then httpd complains "AuthUserFile not
> > specified in the configuration". Presumably this is because auth is
> > now needed, but the config is incorrect.
> >
> > If I change AuthBasicProvider to ldap, it complains that AuthLDAPUrl
> > is missing.
> >
> > This is a bit surprising, given that it is specified in the alias
> > definition.
> > Also it's not at all obvious what URL should be used, given that the
> > two aliases use different URLs.
>
> AuthBasicProvider is used for authn, not authz, so it can't get
> configuration from an AuthzProviderAlias.
> If you're authenticating against LDAP, you need to provide a URL.

I see now, thanks.

> Authentication can occur against a file and Authorization against
> LDAP, but I think it's pretty rare (much less in the only example).
>
> > How is one supposed to use AuthzProviderAlias with LDAP auth?
>
> I don't know a ton about LDAP, but all of the combinations seem kind
> of contrived.  Maybe the best fix to the example is to use LDAP for
> authn, with an AuthLDAPURL, and call the "other" alias some kind of
> unusual 2nd LDAP server that has additional groups who might have the
> same DN from the authentication LDAP server in other groups.

It might be better to use an example of LDAP groups which use
different attributes for their members.

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
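
The configuration discussed in this thread, as an added example that is not part of the original messages or of the httpd documentation: the weak form with `Require all granted` beside a corrected form that follows the suggestion above of using LDAP for authn with its own AuthLDAPURL. Hostnames, DNs, credentials and directory paths are constructed placeholders, and the second alias assumes a second LDAP server whose groups list the same user DNs.

```apache
# Constructed example: all hosts, DNs, passwords and paths are placeholders.

# Authz aliases. The LDAP settings inside each block are used only when the
# matching "Require <alias-name>" line is evaluated, never for authentication.
<AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx">
    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword "placeholder-password-1"
    AuthLDAPURL "ldap://ldap.example.org/o=ctx"
</AuthzProviderAlias>

<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev">
    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword "placeholder-password-2"
    AuthLDAPURL "ldap://other-ldap.example.org/o=dev?cn"
</AuthzProviderAlias>

# Weak: sibling Require lines are ORed (implicit RequireAny), so
# "Require all granted" admits every request and the group checks never matter.
<Directory "/webpages/open-by-mistake">
    AuthType Basic
    AuthName "LDAP protected"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org/o=ctx?uid"
    Require all granted
    Require ldap-group-alias1
    Require ldap-group-alias2
</Directory>

# Corrected: no blanket grant, and authn carries its own LDAP settings.
<Directory "/webpages/secure">
    AuthType Basic
    AuthName "LDAP protected"
    # Authn (AuthBasicProvider) cannot read settings from an AuthzProviderAlias,
    # so the URL and bind credentials must be given here as well.
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.org/o=ctx?uid"
    AuthLDAPBindDN "cn=youruser,o=ctx"
    AuthLDAPBindPassword "placeholder-password-1"
    # Authz: the authenticated user must be in either aliased group.
    Require ldap-group-alias1
    Require ldap-group-alias2
</Directory>
```

Running `apachectl configtest` checks the syntax; requesting the protected path without credentials should return 401 rather than the content.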
