[Auth_ldap] Fwd: question on multiple group directives

Wed Mar 29 07:00:31 PST 2006

So if i got it straight to AND them would need a "LDAPSatisfy All" type
function which is not yet available?

Also, there is no current (2.0) support for nested groups? i.e. if User1 is
member of group1, and group1 is member of group2 then
   require group dn=group2,...
will fail for user1??

Thanks again,
David

---------- Forwarded message ----------
From: Dave Carrigan <dave at rudedog.org>
Date: Mar 28, 2006 1:30 PM
Subject: Re: [Auth_ldap] question on multiple group directives
To: auth_ldap at rudedog.org

On Tuesday 28 March 2006 07:56, David Jones wrote:
> I don't think this is allowed, but would like confirmation/where its
> documented:
>
> <Location  /ldap>
>   AuthLDAPEnabled on
>     etc..
>   require group cn=group1,o=whatever
>   require group cn=group2,o=whatever
> </Location>
>
> where the user is both a member of group1 AND group2
>
> [What about if the user is member of group1 OR group2?
> If a new group3 includes group1 and group2 that would work for OR?]

The require group statements are ORed, so membership in either group would
suffice.

--
Dave Carrigan
Seattle, WA, USA
dave at rudedog.org | http://www.rudedog.org/
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL-Postfix

Dave is currently listening to Eric Clapton - Have You Ever Loved A Woman
(Crossroads)

_______________________________________________
Auth_ldap mailing list
Auth_ldap at rudedog.org
http://www.rudedog.org/mailman/listinfo/auth_ldap
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.rudedog.org/pipermail/auth_ldap/attachments/20060329/84076f63/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://www.rudedog.org/pipermail/auth_ldap/attachments/20060329/84076f63/attachment.pgp 