Apache/Tomcat - LDAP Authentication based on AD Group Membership

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/445144/

Time: 2020-09-13 17:07:59  Source: igfitidea

apache tomcat active-directory ldap

Asked by

We currently have an Apache/Tomcat (5.5) application running and we're using the LDAP authentication feature (by configuring the realm) against a multi-domain structure and it's working great. One thing we would like to do is limit access to users based on their membership in a specific group in AD. Basically, only users of GroupA will be allowed to access the app. I'm wondering if this type of configuration is possible. If so, can you point me in the right direction? Thanks in advance.

Answered by vinny

I believe you can accomplish this with the mod_authnz_ldap module in Apache:

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup

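A sketch of the httpd 2.2 configuration that the linked `Require ldap-group` documentation describes, added here as an example and not taken from the original post. It assumes httpd sits in front of Tomcat with mod_ldap and mod_authnz_ldap loaded; the host `ad.example.com`, every DN, the service account, the CA file path and the `/app` location are placeholders.

```apache
# Added example, not from the original post. Hosts, DNs and paths are placeholders.

# Server-config scope: trust the CA that issued the domain controller's
# certificate, so the ldaps:// connection below is actually verified.
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/conf/ad-ca.pem

<Location /app>
    AuthType Basic
    AuthName "GroupA members only"
    AuthBasicProvider ldap

    # ldaps:// keeps the service-account bind and the user's password
    # encrypted between httpd and the domain controller.
    # sAMAccountName is the AD logon name; "sub" searches the whole subtree.
    AuthLDAPURL "ldaps://ad.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Bind as a dedicated read-only service account for the user search.
    AuthLDAPBindDN "CN=svc-httpd,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "CHANGE_ME"

    # AD lists group members as full DNs in the group's "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Users who authenticate but are not members of GroupA are refused.
    Require ldap-group CN=GroupA,OU=Groups,DC=example,DC=com
</Location>
```

In httpd 2.2, `Require ldap-group` matches direct members only, so a user who belongs to GroupA through a nested group is refused. Because the file holds the bind password, keep it readable by root only, and serve `/app` over HTTPS so the Basic credentials are not sent in the clear.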