apache auth: combination of LDAP and htpasswd
11,146
Solution 1
try this:
AuthType Basic
AuthName "LDAP and file
AuthBasicProvider file ldap
AuthUserFile /path/to/htpassword/file
AuthLDAPBindDN <your bind dn>
AuthLDAPBindPassword <your password>
AuthLDAPURL "<your ldap url>"
AuthzLDAPAuthoritative off
Require valid-user
Satisfy any
Perhaps you switch AuthBasicProvider file ldap
to AuthBasicProvider ldap file
, depending on where you want to search first.
Solution 2
If you also need to check for the user being in a specific LDAP-group, you can use the following:
AuthType Basic
AuthName "LDAP and file"
AuthBasicProvider file ldap
AuthUserFile /path/to/htpassword/file
AuthLDAPBindDN <your bind dn>
AuthLDAPBindPassword <your password>
AuthLDAPURL "<your ldap url>"
AuthzLDAPAuthoritative off
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
Require valid-user
Require ldap-group cn=svn,cn=groups,dc=ldapsvr,dc=example,dc=com
Related videos on Youtube
Comments
-
noamtm over 1 year
We're using Apache with mod_svn to serve the subversion repo. Apache is hooked to an LDAP server so all users can use their domain passwords. For the build machine to be able to checkout, I want to have an extra user, but I can't add via LDAP.
Can I create a setup where the user/pwd has to match either the LDAP server or an htpasswd file?
-
Keith about 6 yearsFWIW, "Satisfy any" in the conf resulted in no auth at all, when I tried it. Removing "Satisfy any" yields expected/desired results, though.
-
mveroone over 5 years(I know this is 5 years old but it seems wrong) As per the documentation, all Require directoves are considered to be part of a RequireAny block if not in a block. Using this, your
Require ldap-group
is ignored