
grouper-users - protecting web server resources with grouper

Subject: Grouper Users - Open Discussion List

  • From: Chris Hyzer <>
  • To: Grouper Users Mailing List <>
  • Subject: protecting web server resources with grouper
  • Date: Fri, 29 May 2009 15:40:49 -0400
  • Accept-language: en-US

Hey,

I am curious what people use to protect web resources with Grouper.
I have seen the apache module mod_authnz_ldap, and we have used that at Penn:

http://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html

However, it is a little cumbersome to set up, and my understanding is that it
downloads the entire group's membership list (at least with our LDAP setup)
to see if one person is in the group. It does do caching though. So it
isn't good for us for large membership lists (e.g. active Penn person). We
made a patch to mod_authnz_ldap which does not download everything, though we
haven't even really distributed this within Penn since we don't want to have
to be the sole maintainers of it.

If there is not a better way to do this, if we coded a new Apache module
based on mod_authnz_ldap (e.g. mod_grouper) which doesn't download the entire
group list, and is easy to configure, would anyone be interested in helping
to maintain it? We weren't planning on making modules for web servers other
than Apache... or is anyone interested in helping to maintain the
mod_authnz_ldap patch (if we cannot get it contributed back to the module
itself)?

Thanks!
Chris
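
Added example, not part of the original message and not Penn's patch: an Apache 2.2 mod_authnz_ldap configuration that contrasts a check against the group entry with a check against the user's own entry, which does not read the group's member list. The host name, DNs and URL paths are placeholders, and the second block assumes the directory maintains a memberOf attribute on user entries.

```apache
# Placeholder values throughout: ldap.example.edu, dc=example,dc=edu,
# cn=app-users and the /by-group, /by-user paths are illustrative only.

# Variant 1: authorization against the group entry.
# The membership lives in the group's "member" attribute; the message above
# reports that with their LDAP setup this pulls the whole list per check.
<Location /by-group>
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    # ldaps:// keeps the bind password and lookups off the wire in clear text.
    AuthLDAPURL "ldaps://ldap.example.edu/ou=people,dc=example,dc=edu?uid?sub"
    # Fail closed: do not fall through to other authz modules on no-match.
    AuthzLDAPAuthoritative on
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group cn=app-users,ou=groups,dc=example,dc=edu
</Location>

# Variant 2: authorization against the authenticated user's own entry.
# Require ldap-filter runs a search for the user combined with this filter
# and grants access only if the returned DN is the authenticated user's DN,
# so the group's member list is never transferred.
# Assumption: the directory populates memberOf on user entries.
<Location /by-user>
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.example.edu/ou=people,dc=example,dc=edu?uid?sub"
    AuthzLDAPAuthoritative on
    Require ldap-filter memberOf=cn=app-users,ou=groups,dc=example,dc=edu
</Location>
```

In the second variant memberOf becomes the authorization source, so it must be maintained by the directory server and must not be writable by the users it describes.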


