I have a PC with an LDAP server running on it. Let's suppose the URL of the server is ldapserver. I've got a base structure dc=example,dc=cz. Then I've got a base organizational unit called ou=people, which contains a user called user. The other organizational unit is called ou=groups and includes a group called cn=git. user is also a member of this cn=git group.

If I run

    AuthLDAPURL ldap://ldapserver:389/ou=people,dc=example,dc=cz
    Require valid-user

then Apache has no problem. However, if I run

    AuthLDAPURL ldap://ldapserver:389/ou=people,dc=example,dc=cz
    Require ldap-group cn=git,ou=groups,dc=example,dc=cz

I get rejected. Why is that? Am I missing something about the functionality of the LDAP system? My idea is that I tell LDAP to search for user in ou=people. Then I ask it whether the user is also in the cn=git,ou=groups group. Is that right?

Apache config:

    <Files "git-http-backend">
        AuthType Basic
        AuthName "Git Access"
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://ldapserver:389/ou=people,dc=example,dc=cz?uid?sub?(objectClass=*)"
        Require ldap-group cn=git,ou=groups,dc=example,dc=cz
    </Files>
 
SbeveP
  • the base ou=groups,dc=example,dc=dz is outside the scope ou=people,dc=example,dc=cz. Try setting the ldapurl dc=example,dc=cz – natxo asenjo Jul 28 '22 at 11:34

0 Answers
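
As an added example (not part of the original question or its comment, and not Apache's own code), this simplified Python model walks through the two steps behind `Require ldap-group`: the user lookup under the AuthLDAPURL base, then a membership compare on the group entry, using mod_authnz_ldap's documented defaults for AuthLDAPGroupAttribute (member, uniqueMember) and AuthLDAPGroupAttributeIsDN (on). The user DN `uid=user,ou=people,dc=example,dc=cz`, the contents of both group variants and all function names are assumptions; DN matching is reduced to plain string comparison.

```python
# Simplified model of how mod_authnz_ldap evaluates "Require ldap-group".
# All directory entries below are constructed sample data.

BASE = "ou=people,dc=example,dc=cz"        # search base from AuthLDAPURL
USER_DN = "uid=user," + BASE               # assumed DN of the page's "user"
GROUP_DN = "cn=git,ou=groups,dc=example,dc=cz"

def find_user_dn(directory, base, attr, username):
    """Step 1 (authentication): subtree search under the AuthLDAPURL base."""
    for dn, entry in directory.items():
        if dn.lower().endswith(base.lower()) and username in entry.get(attr, []):
            return dn
    return None

def require_ldap_group(directory, group_dn, user_dn, username,
                       group_attrs=("member", "uniqueMember"), attr_is_dn=True):
    """Step 2 (authorization): compare against the group entry itself.

    The group is addressed by its own DN, so it does not have to sit under
    the AuthLDAPURL base. With attr_is_dn=True the user's full DN is
    compared; with False the bare login name is compared instead.
    """
    group = directory.get(group_dn)
    if group is None or user_dn is None:
        return False
    wanted = user_dn if attr_is_dn else username
    return any(wanted in group.get(a, []) for a in group_attrs)

def make_directory(group_entry):
    return {USER_DN: {"uid": ["user"]}, GROUP_DN: group_entry}

# Variant A: groupOfNames-style group, members stored as full DNs.
dir_dn_members = make_directory({"member": [USER_DN]})
# Variant B: posixGroup-style group, members stored as bare login names.
dir_uid_members = make_directory({"memberUid": ["user"]})

def check(directory, **group_opts):
    dn = find_user_dn(directory, BASE, "uid", "user")
    return require_ldap_group(directory, GROUP_DN, dn, "user", **group_opts)

if __name__ == "__main__":
    print("A, defaults:            ", check(dir_dn_members))
    print("B, defaults:            ", check(dir_uid_members))
    print("B, memberUid + IsDN off:",
          check(dir_uid_members, group_attrs=("memberUid",), attr_is_dn=False))
```

Which variant matches a real directory can be seen from the attributes on the cn=git entry itself.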