Getting apache to see a LDAP group membership change


 
Thread Tools Search this Thread
Top Forums Web Development Getting apache to see a LDAP group membership change
# 1  
Old 12-11-2015
Getting apache to see a LDAP group membership change

trying to implement authz to a webpage using require ldap-group. It works, except I need to do apachectl restart before the server will observe an add or a delete to the group.

Seems like apache is acquiring the group membership at startup & caching it.

It's a static group.

I have apache 2.2 on AIX and TDS LDAP.

We want to automate group member adds/deletes, which implies that we need to automate refreshing the server's knowledge of the group. Possible solutions I've wondered about:
  • using dynamic groups (membership would be evaluated on every authz rather than the principal/user being compared against a cached list). This may be conceptually correct but is not an option given our schema.
  • doing something fugly like require ldap-attribute is-member-yatta-blah. I should be able to use require ldap-group.
  • driving a apachectl refresh out of the add/delete automation. I'd do it with ssh to a public-key-protected login on the servers running apache, as long as that doesn't make our security heads hurl.
  • something in HTML that tells the server to refresh its cached image of group contents ?

ideas appreciated
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Solaris

Apache 2.4 User/Group option with svcadm

Hello all, Solaris 11. Branch: 0.175.3.35.0.6.0 Asking for some assistance in trying to understand how Apache24 works with svcadm. I used: svccfg -s network/http:apache24 listprop setprop start/user=<rabbit> setprop start/group=<pod> This is also set in... (1 Reply)
Discussion started by: smiloo
1 Replies

2. Web Development

LDAP Connection Issue on Apache Web Server

Hi.. I have very limited knowledge on LDAP and its configuration and but I have been trying to figure out one issue that takes place when I am running the program that is written in php, but so far its unsuccessful. The server, I am working on is ldap server, which is running on Apache. After... (1 Reply)
Discussion started by: GomathiUoM
1 Replies

3. UNIX for Advanced & Expert Users

AD Group Policy Management and Kerberos / LDAP

Has anyone attempted to define GPO / HBAC policies in Windows Server 2012 that could be respected by Kerberos/LDAP on AIX? I'm looking to associate servers to groups so that when a user part of a group tries to login to a host not associated with that group, it would be denied. This would allow... (3 Replies)
Discussion started by: Devyn
3 Replies

4. UNIX and Linux Applications

LDAP Group query

I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation. Below are the details - ================ LDIF entry for OndotAPI group dn: cn=OndotAPI,ou=Groups,o=CNS changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies

5. HP-UX

HP Software depo Apache with LDAP issue

HI guys, I've come to this great community with a problem that everything that I could find is related to a bug, in the ldap code in the apache but nothing else. My problem happens after installing the Apache from HP software depo, it installs sucessfully and everything, but when I setup a... (0 Replies)
Discussion started by: feliper
0 Replies

6. Solaris

Solaris LDAP group problem

I have a test environment which is running RedHat 6.5 Identity management. On the lab network are two Solaris 10 (U11) machines. I can successfully log into the S10 machines using the ldap username/passwords. However, I have a problem with groups and although I found through an internet search one... (3 Replies)
Discussion started by: cjhilinski
3 Replies

7. SuSE

ldap client_forcible pwd change

Hi, I have configured ldap client on openSUSE 11.3 with yast2 config. Since I am able to get list of all users through getent, it seems configuration done properly.But while logging in with ldap id its prompting for password change. login as: testuser Using keyboard-interactive... (1 Reply)
Discussion started by: tuxian
1 Replies

8. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

9. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies

10. Solaris

Group membership limit

On Solaris, a user is limited to being a member of a maximum of 16 groups. Could someone tell me where this limit comes from, i.e. is it NIS, or Solaris, or NFS that is imposing this limit? What is the work-around to remove this limitation? (4 Replies)
Discussion started by: son_t
4 Replies
Login or Register to Ask a Question