On Wed, 06 Jul 2011 15:42:18 +0200, Robert Velter wrote:
> Hi Amos,
>
> thanks for your clarification and the link. So I try now the
> following:
>
> 1) Add a working basic auth to auth_param (probably ldap_auth).
> 2) Modify the access list from
> http_access allow ldapgroup-access
> http_access deny all
> to
> http_access deny !ldapgroup-access
> http_access allow all
>
It's not clear from your original post if you need the group checking on
Basic auth'ed users. You might want something like this to require *a*
login, but not block basic auth user with the group-check:
  acl authed proxy_auth REQUIRED
  # client credentials arrive in the Proxy-Authorization request header
  acl authBasic req_header Proxy-Authorization ^Basic
  # if NOT logged in as basic do the group check. re-auth if that fails.
  http_access deny !authBasic !ldapgroup-access
  # only gets here if (a) auth via Basic, or (b) auth via NTLM/Negotiate with group checked OK.
  http_access allow authed
  # for config clarity. Should not actually be reachable.
  http_access deny all
Amos
Received on Thu Jul 07 2011 - 00:12:05 MDT
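
The rule ordering discussed in this message, traced with a small model (an added example, not part of the original thread and not Squid code). It assumes each ACL is already reduced to a true/false value per request; the sample requests and the names SUGGESTED, QUOTED and CASES are constructed for illustration.

```python
# Added example: simplified model of Squid http_access processing.
# Assumption: every ACL is reduced to a boolean already known for the request.
SUGGESTED = [                      # the http_access lines from the reply
    ("deny",  ["!authBasic", "!ldapgroup-access"]),
    ("allow", ["authed"]),
    ("deny",  ["all"]),
]
QUOTED = [                         # the variant from the quoted message
    ("deny",  ["!ldapgroup-access"]),
    ("allow", ["all"]),
]
AUTH_ACLS = {"authed", "ldapgroup-access"}   # ACLs that depend on credentials

CASES = {                          # constructed sample requests
    "basic, not in group": {"authBasic": True,  "authed": True,  "ldapgroup-access": False},
    "ntlm, in group":      {"authBasic": False, "authed": True,  "ldapgroup-access": True},
    "ntlm, not in group":  {"authBasic": False, "authed": True,  "ldapgroup-access": False},
    "no credentials":      {"authBasic": False, "authed": False, "ldapgroup-access": False},
}


def acl_matches(acl, facts):
    """Evaluate one ACL name, honouring a leading '!' negation."""
    name = acl.lstrip("!")
    value = True if name == "all" else facts.get(name, False)
    return value != acl.startswith("!")


def evaluate(rules, facts):
    """Return (verdict, line index). ACLs on a line are ANDed; first match wins."""
    for index, (action, acls) in enumerate(rules):
        if all(acl_matches(acl, facts) for acl in acls):
            # A deny whose last ACL is credential-based is answered with a
            # fresh auth challenge (407) instead of a plain denial.
            if action == "deny" and acls[-1].lstrip("!") in AUTH_ACLS:
                return "challenge", index
            return action, index
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


if __name__ == "__main__":
    for label, facts in CASES.items():
        print(f"{label:20} suggested={evaluate(SUGGESTED, facts)[0]:10} "
              f"quoted={evaluate(QUOTED, facts)[0]}")
```

The first case is the difference between the two rule sets: a Basic user outside the LDAP group is let through by the suggested lines but challenged again by the quoted ones.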