|
Home > Archive > Netware Webserver > August 2005 > Multiple contexts for user home directories in 6.5?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Multiple contexts for user home directories in 6.5?
|
|
| jwnews2@av.k12.mo.us 2005-06-16, 5:45 pm |
| Until recently we were running NetWare 6.0 with its enterprise web
server. We had started experimenting with user home directories so our
teachers could easily publish their own web pages. The configuration
there allowed us to specify which eDirectory contexts should be allowed
to create public HTML.
We have upgraded the server to NetWare 6.5, and the user home directory
settings did not carry over to Apache. I have found TID10090225 which
says that the user search context can contain only one value. If true
this is a problem for us because if I set to the context to our
organization level, our students will also be able to publish HTML -
something we definitely don't want.
Is it, in fact, possible to specify multiple search contexts for user
home directories, and if so, how specifically does one configure that?
If that's not possible, suppose I set the user search context to our
organization. Without rearranging my directory tree, how might I
prevent students from putting up a web site in a public_html directory?
Jim Wagner
Arcadia Valley Schools
| |
| Simon Flood 2005-06-17, 7:45 am |
| On 16/06/2005 17:28, jwnews2@av.k12.mo.us wrote:
> Until recently we were running NetWare 6.0 with its enterprise web
> server. We had started experimenting with user home directories so our
> teachers could easily publish their own web pages. The configuration
> there allowed us to specify which eDirectory contexts should be allowed
> to create public HTML.
Whilst not having done the above via the Enterprise Web Server I am in
the position of having to move our solution (Apache 1.3x on NW6.0) on to
use Apache 2 on NW6.5
> We have upgraded the server to NetWare 6.5, and the user home directory
> settings did not carry over to Apache. I have found TID10090225 which
> says that the user search context can contain only one value. If true
> this is a problem for us because if I set to the context to our
> organization level, our students will also be able to publish HTML -
> something we definitely don't want.
The TID is wrong. Whilst I haven't configured Apache via the Apache
Admin tool (I've edited the conf files by hand) I know that the setting
(it's hDirSearchContexts) will accept more than one context with each
separated by a space:
hDirSearchContexts o=Staff ou=Privileged,o=Students
would allow all Staff and only Privileged Students to work.
> Is it, in fact, possible to specify multiple search contexts for user
> home directories, and if so, how specifically does one configure that?
> If that's not possible, suppose I set the user search context to our
> organization. Without rearranging my directory tree, how might I
> prevent students from putting up a web site in a public_html directory?
It should also be possible to prevent students publishing on a web site
(though not from creating files in a public_html directory) by
restricting the rights that the user Apache uses has. This would only
work if you were using a particular user object for Apache (mod_edir) to
log in with rather than via public rights.
In my particular case Apache 2 is running on a server dedicated for web
serving. It doesn't hold any user directories. LDAP lookup are done
against another server that is dedicated for LDAP.
Because user's home directories are on remote servers I've had to
configure Apache (mod_edir) to allow access to those remote volumes as
well as give the user that mod_edir is using Read and File Scan trustee
rights to the home directories (done at volume level so flow down).
HTH
Simon
| |
| Jude Travers-Frazier 2005-08-23, 5:45 pm |
| Simon,
Would you be willing to post the applicable sections of your httpd.conf
file? We're having a world of trouble trying to get user dirs. to work
after having gone to NW 6.5 (Apache is running on one server, user home dirs
are on another, and LDAP is on yet another; please don't ask why. 
I'd love to see a working configuration, if you wouldn't mind sharing.
Thanks!
jtf
On 16/06/2005 17:28, jwnews2@av.k12.mo.us wrote:
[vbcol=seagreen]
> Until recently we were running NetWare 6.0 with its enterprise web
> server. We had started experimenting with user home directories so our
> teachers could easily publish their own web pages. The configuration
> there allowed us to specify which eDirectory contexts should be allowed
> to create public HTML.
Whilst not having done the above via the Enterprise Web Server I am in
the position of having to move our solution (Apache 1.3x on NW6.0) on to
use Apache 2 on NW6.5
> We have upgraded the server to NetWare 6.5, and the user home directory
> settings did not carry over to Apache. I have found TID10090225 which
> says that the user search context can contain only one value. If true
> this is a problem for us because if I set to the context to our
> organization level, our students will also be able to publish HTML -
> something we definitely don't want.
The TID is wrong. Whilst I haven't configured Apache via the Apache
Admin tool (I've edited the conf files by hand) I know that the setting
(it's hDirSearchContexts) will accept more than one context with each
separated by a space:
hDirSearchContexts o=Staff ou=Privileged,o=Students
would allow all Staff and only Privileged Students to work.
> Is it, in fact, possible to specify multiple search contexts for user
> home directories, and if so, how specifically does one configure that?
> If that's not possible, suppose I set the user search context to our
> organization. Without rearranging my directory tree, how might I
> prevent students from putting up a web site in a public_html directory?
It should also be possible to prevent students publishing on a web site
(though not from creating files in a public_html directory) by
restricting the rights that the user Apache uses has. This would only
work if you were using a particular user object for Apache (mod_edir) to
log in with rather than via public rights.
In my particular case Apache 2 is running on a server dedicated for web
serving. It doesn't hold any user directories. LDAP lookup are done
against another server that is dedicated for LDAP.
Because user's home directories are on remote servers I've had to
configure Apache (mod_edir) to allow access to those remote volumes as
well as give the user that mod_edir is using Read and File Scan trustee
rights to the home directories (done at volume level so flow down).
HTH
Simon
|
|
|
|
|