Apache2 - Define two working Auth Providers

apache-2.4 apache2 .htaccess

If you provided both the file and the ldap authentication providers (using the AuthBasicProvider ldap file directive), then you can define the following ruleset in order to be able to authenticate from both. I'm assuming that you use the uid attribute as username, but if not, it shouldn't be too hard to rewrite the condition below.

<RequireAny>
    <RequireAll>
        Require valid-user
        Require ldap-group cn=admins,ou=groups,out=main,dc=my=dc=tld
    </RequireAll>
    <RequireAll>
        Require valid-user
        Require not ldap-attribute uid="%{REMOTE_USER}"
    </RequireAll>
</RequireAny>

So the user is authenticated if any of the following is true:

  1. The user is valid and has the proper LDAP group membership. In this case, the user must have been authenticated by the ldap backend.
  2. The uid attribute of the user does not match the given username, yet the user is valid. This can happen only if the uid attribute is nonexistent, but if it is, then the ldap provider could not find the user in the LDAP database. So in this case, the validity of the user credentials have been determined by the file provider.

Related

How to run wall command as another user in Linux (RHEL8)
How to work out the rack requirements for a specific machine?
PowerDNS Master Slave Transfer method
Virtualhost1 SSL affecting Virtualhost2 Aliase SSL
How can I expect PowerLine Networking to work?
Putty automatically log in into different sessions
Firefox text search - How to disable automatic wrap-around when reaching the end of a document
How to Paste a picture as JPG instead of PNG
How can I turn my laptop display off completely (while script is running)?
Why is a new group not active after SSH login via tmux?
ffmpeg video compression: Desaturating colors / losing color information
Is there an alternative to Applocker in Windows 7 Professional that is built into the operating system?