We currently have an Apache/Tomcat (5.5) application running and we're using the LDAP authentication feature (by configuring the realm) against a multi domain structure and it's working great. One thing we would like to do is limit access to users based on their membership on a specific group in AD. Basically, only users of GroupA will be allowed to access the app. I'm wondering if this type of configuration is possible. If so, can you point me in the right direction? Thanks in advance.
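As an added example (not part of the original thread): the restriction the question asks for can be expressed with Tomcat's built-in JNDIRealm by mapping AD group membership to roles and then limiting the web application to that role in web.xml. The host name, base DNs, bind account, password and web-resource name are placeholders, not values from the post.

```xml
<!-- server.xml (Tomcat 5.5): JNDIRealm against AD. {0} in userSearch is the
     login name; {0} in roleSearch is the DN found by userSearch, so the user's
     DIRECT group memberships become role names taken from each group's cn. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ad.example.local:389"
       connectionName="CN=tomcat-bind,OU=Service Accounts,DC=example,DC=local"
       connectionPassword="PLACEHOLDER"
       userBase="DC=example,DC=local"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="OU=Groups,DC=example,DC=local"
       roleSubtree="true"
       roleSearch="(member={0})"
       roleName="cn"/>

<!-- web.xml: only authenticated users carrying the GroupA role may reach the
     application. The role-name must match the AD group's cn exactly. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>GroupA</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Active Directory</realm-name>
</login-config>
<security-role>
  <role-name>GroupA</role-name>
</security-role>
```

Two caveats for this setup: `(member={0})` only matches direct membership, so users who reach GroupA through a nested group are rejected; and a search on port 389 covers a single domain, so in a multi-domain forest the global catalog (port 3268) is the usual target, at the cost of it returning only a subset of attributes.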

A: 

I believe you can accomplish this with the mod_authnz_ldap module in apache:

http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup

vinny
+1  A: 

implement your own realm

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

l_39217_l
Might sound overkill, but implementing a custom realm is *so* easy. Plus you get the source for the built-in realm as a working example, to make it really smooth. Very good advice!
Olaf