In Apache, what would be the best way to only give access to users who pass the two following tests:
- User does not appear in blacklist (alternatively, appears in whitelist)
- User has valid LDAP user account
I already have the second test in place but I now need to bar some of the valid LDAP users. Note that I cannot create an AD group to represent my black/white list.
Best Answer
Appears in whitelist is easy -- just list individual users with require ldap-user (or require user in 2.0) instead of "require valid-user".
A blacklist is not possible without writing a short module or doing something hokey such as mod_rewrite in context + a rewritemap of the blacklist. You can then just look at the logged-in username.
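A configuration sketch of both approaches described in the answer, added here as an example and not taken from the answer itself. The LDAP URL, directory path, map file path and user names are placeholders, and the auth lines stand in for whatever LDAP setup is already in place.

```apache
# --- Server or virtual-host context (RewriteMap is not allowed in <Directory>) ---
# Constructed blacklist file, one "username deny" pair per line, e.g.:
#   jdoe   deny
#   asmith deny
RewriteMap blacklist "txt:/etc/apache2/ldap-blacklist.txt"
# Built-in lowercase map: directory logins are often case-insensitive, so
# normalise the name before the lookup or "JDoe" would miss the "jdoe" entry.
RewriteMap lc "int:tolower"

<Directory "/var/www/protected">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com/ou=People,dc=example,dc=com?uid"

    # Whitelist variant: name the permitted accounts and drop valid-user.
    # Require ldap-user alice bob

    # Blacklist variant: accept any valid LDAP account here, then let
    # mod_rewrite reject the listed names.
    Require valid-user

    # Per-directory rewrite rules run after authentication, so REMOTE_USER
    # already holds the logged-in username. They need FollowSymLinks (or
    # SymLinksIfOwnerMatch) enabled for this directory.
    Options +FollowSymLinks
    RewriteEngine On
    # Look the lowercased username up in the map; names that are not
    # listed fall back to "ok" and pass through.
    RewriteCond "${blacklist:${lc:%{REMOTE_USER}}|ok}" "=deny"
    RewriteRule "^" "-" [F]
</Directory>
```

A blacklisted user still authenticates successfully and then receives 403 Forbidden, so the access log records the username alongside the denied request. Entries in the blacklist file must be lowercase to match the normalised lookup key.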