From: Christophe Jaillet
Date: Sat, 23 Jun 2018 13:15:03 +0000 (+0000)
Subject: Reorder section to be more logical.
X-Git-Tag: 2.4.34~76
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1dea1170d7cf514d59b1b8555fff86a407035c41;p=apache

Reorder section to be more logical.

Based on r1553469.

This fixes an example which contains spaces in a LDAP group name (i.e. cn=Temporary Employees,o=Airius)

I've also synced with trunk:
- add some " to improve syntax highlight
- use AuthLDAPUrl instead of AuthLDAPURL in order to have syntax highlight work

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1834205 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/mod/mod_authz_core.xml b/docs/manual/mod/mod_authz_core.xml index 76902205e7..93b86a715d 100644 --- a/docs/manual/mod/mod_authz_core.xml +++ b/docs/manual/mod/mod_authz_core.xml @@ -41,54 +41,6 @@ authorization processing.

-
Creating Authorization Provider Aliases - -

Extended authorization providers can be created within the configuration - file and assigned an alias name. The alias providers can then be referenced - through the Require directive - in the same way as a base authorization provider. Besides the ability to - create and alias an extended provider, it also allows the same extended - authorization provider to be referenced by multiple locations. -

- -
Example -

The example below creates two different ldap authorization provider - aliases based on the ldap-group authorization provider. This example - allows a single authorization location to check group membership within - multiple ldap hosts: -

- - -<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx> - AuthLDAPBindDN cn=youruser,o=ctx - AuthLDAPBindPassword yourpassword - AuthLDAPURL ldap://ldap.host/o=ctx -</AuthzProviderAlias> - -<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev> - AuthLDAPBindDN cn=yourotheruser,o=dev - AuthLDAPBindPassword yourotherpassword - AuthLDAPURL ldap://other.ldap.host/o=dev?cn -</AuthzProviderAlias> - -Alias "/secure" "/webpages/secure" -<Directory "/webpages/secure"> - Require all granted - - AuthBasicProvider file - - AuthType Basic - AuthName LDAP_Protected_Place - - #implied OR operation - Require ldap-group-alias1 - Require ldap-group-alias2 -</Directory> - -
- -
-
Authorization Containers

The authorization container directives @@ -117,7 +69,7 @@ Alias "/secure" "/webpages/secure" Require user superadmin <RequireAll> Require group admins - Require ldap-group cn=Administrators,o=Airius + Require ldap-group "cn=Administrators,o=Airius" <RequireAny> Require group sales Require ldap-attribute dept="sales" @@ -126,7 +78,7 @@ Alias "/secure" "/webpages/secure" </RequireAny> <RequireNone> Require group temps - Require ldap-group cn=Temporary Employees,o=Airius + Require ldap-group "cn=Temporary Employees,o=Airius" </RequireNone> </RequireAll> </Directory> @@ -155,7 +107,7 @@ Alias "/secure" "/webpages/secure" other HTTP request header fields.

-SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in +SetEnvIf User-Agent "^KnockKnock/2\.0" let_me_in <Directory "/docroot"> Require env let_me_in </Directory> @@ -256,6 +208,59 @@ SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+ + +
Creating Authorization Provider Aliases + +

Extended authorization providers can be created within the configuration + file and assigned an alias name. The alias providers can then be referenced + through the Require directive + in the same way as a base authorization provider. Besides the ability to + create and alias an extended provider, it also allows the same extended + authorization provider to be referenced by multiple locations. +

+ +
Example +

The example below creates two different ldap authorization provider + aliases based on the ldap-group authorization provider. This example + allows a single authorization location to check group membership within + multiple ldap hosts: +

+ + +<AuthzProviderAlias ldap-group ldap-group-alias1 "cn=my-group,o=ctx"> + AuthLDAPBindDN "cn=youruser,o=ctx" + AuthLDAPBindPassword yourpassword + AuthLDAPUrl "ldap://ldap.host/o=ctx" +</AuthzProviderAlias> + +<AuthzProviderAlias ldap-group ldap-group-alias2 "cn=my-other-group,o=dev"> + AuthLDAPBindDN "cn=yourotheruser,o=dev" + AuthLDAPBindPassword yourotherpassword + AuthLDAPUrl "ldap://other.ldap.host/o=dev?cn" +</AuthzProviderAlias> + +Alias "/secure" "/webpages/secure" +<Directory "/webpages/secure"> + Require all granted + + AuthBasicProvider file + + AuthType Basic + AuthName LDAP_Protected_Place + + #implied OR operation + Require ldap-group-alias1 + Require ldap-group-alias2 +</Directory> + +
+ +
+ + + + Require Tests whether an authenticated user is authorized by @@ -392,7 +397,7 @@ Require group admin -Access control howto +Access Control howto Authorization Containers mod_authn_core mod_authz_host
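
Review bot: In the re-added "Creating Authorization Provider Aliases" example (hunk @@ -256,6 +208,59 @@), the `<Directory "/webpages/secure">` block still carries `Require all granted` next to `Require ldap-group-alias1` and `Require ldap-group-alias2`. The block's own comment says these combine as an implied OR, so `Require all granted` satisfies it for every request and the two LDAP group checks never decide anything. Since the section is being moved and synced anyway, drop `Require all granted` so the example does what its text describes, checking group membership across two LDAP hosts. The same block sets `AuthBasicProvider file` with no AuthUserFile line in view; either complete it or use the provider the example intends.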
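
Review bot: The `Require env let_me_in` example in hunk @@ -155,7 +107,7 @@ grants access based on the User-Agent header, which the client sets, and nothing in the visible context says that this is not authentication. The added quoting of `"^KnockKnock/2\.0"` is fine. While this line is being touched, consider adding a sentence after the example stating that any client can send a request header, so `Require env` on a header-derived variable should be combined with a real authentication or host-based requirement.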
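
Review bot: The last hunk (@@ -392,7 +397,7 @@) changes `Access control howto` to `Access Control howto`, which is not in the commit message's list of synced items (added quotes, `AuthLDAPUrl` spelling) and leaves "howto" lowercase. Mention the link-text change in the log, or capitalise it consistently with the target document's title.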