Ldap – How to authenticate users in nested groups in Apache LDAP

apache-2.2, groups, ldap

I've got working LDAP authentication with the following setup:

 AuthName            "whatever"
 AuthType            Basic
 AuthBasicProvider   ldap
 AuthLDAPUrl         "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)"
 Require ldap-group  CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local

This works; however, I have to put all users I want to authenticate into MySpecificGroup. But on the LDAP server I've configured that MySpecificGroup also contains the group MyOtherGroup with another list of users.

But those users in MyOtherGroup are not authenticated; I have to manually add them all to MySpecificGroup and basically can't use the nested grouping. I'm using Windows SBS 2003.

Is there a way to configure Apache LDAP to do this? Or is there a problem with possible infinite recursion and thus not allowed?

Best Answer

You need to set AuthLDAPSubGroupDepth to make this work. The integer you provide here specifies the maximum sub-group nesting depth that will be evaluated before the user search is discontinued.

Add this to your config:

AuthLDAPSubGroupDepth 1

More Info: here and here.
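Putting the answer together with the original setup, the configuration below is an added example and not part of the original question or answer. It assumes the same server, DNs and group names used above, that mod_authnz_ldap from Apache httpd 2.4 is in use (AuthLDAPSubGroupDepth and the related sub-group directives are documented for the 2.4 module, not the 2.2 one the question is tagged with), and that the directory is Active Directory, where groups have objectClass `group` and list their members in `member`. Both of those AD specifics differ from the module defaults (`groupOfNames`/`groupOfUniqueNames`), so nested lookups silently find nothing unless they are set. The bind account and its password file are placeholders.

```apache
# Added example: nested-group authorization against Active Directory
# with mod_authnz_ldap (httpd 2.4). Names below are assumptions.
<Location /protected>
    AuthName            "whatever"
    AuthType            Basic
    AuthBasicProvider   ldap

    # AD normally refuses anonymous searches, so bind with a low-privilege
    # read-only account (hypothetical DN; keep the password out of the vhost file
    # and restrict file permissions on the included file).
    AuthLDAPBindDN       "CN=apache-svc,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
    AuthLDAPBindPassword "exec:/etc/apache2/ldap-bind-password.sh"

    AuthLDAPUrl "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)"

    # How direct membership is checked: AD groups store member DNs in `member`.
    AuthLDAPGroupAttribute      member
    AuthLDAPGroupAttributeIsDN  on

    # How nested membership is checked. The defaults (groupOfNames /
    # groupOfUniqueMember attributes) never match an AD group object, so
    # without these two lines sub-groups are not followed at all.
    AuthLDAPSubGroupClass       group
    AuthLDAPSubGroupAttribute   member

    # Follow one level of nesting (MyOtherGroup inside MySpecificGroup).
    # Each extra level costs additional LDAP searches per request, so keep
    # this as small as the group tree requires; 0 disables nested lookups.
    AuthLDAPSubGroupDepth       1

    Require ldap-group CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local
</Location>
```

To confirm which groups the module actually walks, raise the module log level (`LogLevel authnz_ldap_module:debug`) and watch for the sub-group search entries in the error log while a member of MyOtherGroup logs in; a user who authenticates but is refused will show a successful bind followed by a failed `ldap-group` check, which points at the class/attribute settings rather than the credentials. Infinite recursion is not a concern: the depth setting bounds the search regardless of how groups reference each other.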