In Apache, an amount be the easiest method to only give use of customers who pass the 2 following tests:
- User doesn't come in blacklist (alternatively, seems in whitelist)
- User has valid LDAP user account
I curently have the 2nd test in position however i now have to bar a few of the valid LDAP customers. Observe that I cannot create an advertisement group to represent my black/whitened list.
I've handled to achieve that using
The config then looks something similar to:
<Location /blacklisted > AuthType Basic AuthName "PAM" AuthBasicProvider ldap Require valid-user AuthLDAPURL ldap://ldap.example.com/?sAMAccountName?sub AuthzLDAPAuthoritative off AuthLDAPBindDN bindUser@example.com AuthLDAPBindPassword verySecurePasswd Order allow,deny Deny from 192.168.1 Allow from all </Location>
However, I still have no idea whether that might be achievable basically desired to blacklist LDAP usernames rather than IP addresses. (Covener appears to point out some complex config could get it done however i haven't attempted it).