选择性 Apache v2.2 身份验证

tag-icon tag-icon apache-2.2 ldap subnet
选择性 Apache v2.2 身份验证

我想修改此代码片段,以便可以接受来自某个 IP 子网的连接而无需进行身份验证。

这可能吗?

短暂性脑缺血发作

肖恩

<Location "/rssbus">
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthLDAPURL "ldap://blah.com:3628/DC=blah,DC=com?sAMAccountName?sub?(objectClass=*)" STARTTLS
    AuthLDAPBindDN "[email protected]"
    AuthLDAPBindPassword XXXXXXXX
    AuthLDAPRemoteUserIsDN off
    Require valid-user
    Require ldap-group mygroup,OU=IT,OU=Groups,OU=gong,DC=blah,DC=com

    ProxyPass https://stgjo/bus
    ProxyPassReverse https://stgjo/bus

答案1

您需要添加 Satisfy 指令。如其所述这里

这样你就会得到:

<Location "/rssbus">
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthLDAPURL "ldap://blah.com:3628/DC=blah,DC=com?sAMAccountName?sub?(objectClass=*)" STARTTLS
    AuthLDAPBindDN "[email protected]"
    AuthLDAPBindPassword XXXXXXXX
    AuthLDAPRemoteUserIsDN off
    Require valid-user
    Require ldap-group mygroup,OU=IT,OU=Groups,OU=gong,DC=blah,DC=com
    Order allow,deny
    Allow from your.ip.address.allowed
    Satisfy Any 

    ProxyPass https://stgjo/bus
    ProxyPassReverse https://stgjo/bus

相关内容