0

I'm running Apache2 on Ubuntu 12.04 Server because I want to create a home directory for each LDAP user. I'm using LDAP for authentication and it's working OK. Also, I've done some tests with the LDAP module for Apache2 and it's working OK.

The problem with this LDAP authentication is that any successful login can access ~user/public_html, even if the user is not the owner of that home.

I don't know how to control that, for example, userldap2's access to userldap1/public_html. I want only userldap1 to access userldap1.

Could anybody tell me how to control that with LDAP authentication?

I hope that you'll understand me.

My config (auth_ldap.conf)

    <Directory /home/disco2/*/public_html>
        AuthName "Authentication"
        AuthType basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative off
        AuthLDAPURL ldap://prueba.borja/dc=prueba,dc=borja?uid?
        Require ldap-filter objectClass=posixAccount
    </Directory>
1
  • Most probably because www-data has access to each folder. Check not owner but group of the folder Commented Nov 29, 2012 at 21:22

1 Answer

1

An option that might work for you is the mod_authz_owner Apache module. While I cannot verify that this works with AuthBasicProvider ldap, we do use it with AuthType CAS:

    AuthType CAS
    CASAuthNHeader REMOTE_USER
    Require file-owner

mod_authz_owner will allow you to use the Require file-owner option.

2
  • Thanks for your help. I've tried some tests with "Require file-owner" / ldap-filter, but I can't succeed with any of them, even if I log in as the owner. LDAP users have a 'homeDirectory' attribute... would it be possible to check with ldapfilter that the ~uid equals the name of the /home/<username>? I'm stuck with this. Thanks again! Commented Nov 30, 2012 at 16:03
  • I'd appreciate any troubleshooting. I can't go on with this. Commented Dec 5, 2012 at 17:42
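
An added troubleshooting sketch in Python, not code from the question, the answer, or Apache itself: mod_authz_owner documents `Require file-owner` as requiring that the authenticated username match the system's name for the owner of the requested file, so this script reports which entries under a `public_html` tree would fail that comparison for a given login. The function names are hypothetical, and the `resolve` parameter is an assumption added so the uid-to-name lookup can be swapped out.

```python
import os
import pwd
import sys
from pathlib import Path


def system_owner(path, resolve=pwd.getpwuid):
    """Return the account name the OS reports as owner of path, or None."""
    uid = os.stat(path).st_uid
    try:
        return resolve(uid).pw_name
    except KeyError:
        # The uid has no name on this host, e.g. LDAP accounts that the
        # system's name service does not resolve. No username can match.
        return None


def file_owner_allows(remote_user, path, resolve=pwd.getpwuid):
    """True only if the authenticated name equals the owner's system name."""
    owner = system_owner(path, resolve)
    return owner is not None and owner == remote_user


def audit_public_html(root, remote_user, resolve=pwd.getpwuid):
    """Return (path, owner) for each entry remote_user would be denied on."""
    root = Path(root)
    denied = []
    for entry in [root, *sorted(root.rglob("*"))]:
        owner = system_owner(entry, resolve)
        if owner != remote_user:
            denied.append((str(entry), owner))
    return denied


if __name__ == "__main__":
    # Usage: script.py <public_html directory> <login name used in the browser>
    if len(sys.argv) != 3:
        sys.exit("usage: script.py PUBLIC_HTML_DIR REMOTE_USER")
    for path, owner in audit_public_html(sys.argv[1], sys.argv[2]):
        print(f"deny  {path}  (owner: {owner or 'uid without a name'})")
```

An owner of `None` in the output means the web server host cannot map the file's uid to any account name, so the comparison fails for every login, including the real owner's.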
