What to Require?

    When doing LDAP authentication I was wondering about the Require directive. What is it for?

    It was filled with default valid-user but I found that you can change it to anything you want. So I have a user in my LDAP server that is not in any group. I also have a group in my directory.

    I can change the Require to 'invalid-user', then restart and log on successfully. I also changed it to ldap-group cn=svn-users,ou=groups,dc=my-domain,dc=com. I initially thought that it would mean that the user needed to be part of the group in order to access the directory. This is not the case, it seems. As far as I can tell, it doesn't matter what I put in the Require; the users will always be able to log on as long as they are in the directory and can provide correct credentials.

    So what is the Require field about? Is this to be implemented in a future release or something?

    Hi there,

    Thanks for raising this, our dev guys are looking into the issue. I'll post back here as soon as I can.


      I found another solution that works fine for me. I added a filter to the LDAP URL so that only users that are part of the group are selected. The URL I'm using is:
      ldap://fedora:389/dc=my-domain,dc=com?uid,objectClass?sub?(&(objectClass=inetOrgPerson)(memberof=CN=svn-users,OU=groups,DC=my-domain,DC=com))
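
An added illustration, not part of the thread or of the product's code: the sketch below splits the URL from the post above into its fields and evaluates its filter against three constructed entries, showing that only an inetOrgPerson carrying the memberof value is selected. The entries and the simplified matcher (only &, |, ! and equality, compared as case-insensitive strings) are assumptions, and whether memberof is populated at all depends on the directory server.

```python
# Added example: constructed data; matching is a simplified case-insensitive compare.
URL = ("ldap://fedora:389/dc=my-domain,dc=com?uid,objectClass?sub?"
       "(&(objectClass=inetOrgPerson)"
       "(memberof=CN=svn-users,OU=groups,DC=my-domain,DC=com))")

GROUP = "cn=svn-users,ou=groups,dc=my-domain,dc=com"
# Constructed entries: bob mirrors the question's user who is in no group.
DIRECTORY = [
    {"uid": ["alice"], "objectclass": ["inetOrgPerson"], "memberof": [GROUP]},
    {"uid": ["bob"], "objectclass": ["inetOrgPerson"]},
    {"uid": ["svc"], "objectclass": ["account"], "memberof": [GROUP]},
]

def parse_ldap_url(url):
    """Split ldap://host:port/base?attrs?scope?filter (RFC 4516 field order)."""
    hostport, _, tail = url.split("://", 1)[1].partition("/")
    base, attrs, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    host, _, port = hostport.partition(":")
    return {"host": host, "port": int(port or 389), "base": base,
            "attrs": attrs.split(",") if attrs else [],
            "scope": scope or "base", "filter": flt or "(objectClass=*)"}

def eval_filter(f, i, entry):
    """Evaluate the filter component starting at f[i]; return (bool, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|":
        op, i, results = f[i], i + 1, []
        while f[i] == "(":
            hit, i = eval_filter(f, i, entry)
            results.append(hit)
        value = all(results) if op == "&" else any(results)
    elif f[i] == "!":
        hit, i = eval_filter(f, i + 1, entry)
        value = not hit
    else:  # equality match only: attr=value
        end = f.index(")", i)
        attr, _, want = f[i:end].partition("=")
        value = any(v.lower() == want.lower() for v in entry.get(attr.lower(), []))
        i = end
    if f[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return value, i + 1

def selected_uids(url, entries):
    """uids of the entries the URL's filter selects; only these can go on to bind."""
    flt = parse_ldap_url(url)["filter"]
    return [e["uid"][0] for e in entries if eval_filter(flt, 0, e)[0]]
```

With this filter, the user who belongs to no group is never found by the search, so the outcome no longer depends on how the Require value is handled.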