Assuming you have a LDAP server somewhere and you don't want to authenticate users via htpasswd file anymore... I mean, having all your users in one place is a good thing - it's debatable, but in general is a good thing, right?
Now, the technical part...
My LDAP structure is like this:
- groups: cn=group,ou=groups,dc=example,dc=com
- users: uid=firstname.lastname,ou=users,dc=example,dc=com
Next... apache2...
[codesyntax lang="bash"]
a2enmod authnz_ldap
[/codesyntax]
Add this inside your virtualhost.
<Location />
Order allow,deny
Allow from all
Deny from all
AuthName "Boo..."
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
# Search user
AuthLDAPURL ldap://IP-DOMAIN-CONTROLLER:389/ou=users,dc=example,dc=com?uid
# Use this user to bind to LDAP
AuthLDAPBindDN "uid=ldapauthuser,ou=users,dc=example,dc=com"
AuthLDAPBindPassword "password"
Require valid-user
Satisfy any
# More restrictions!
# specific user
# Require ldap-user john.doe john1.doe john2.doe
# specific user by DN
# Require ldap-dn CN=John Doe,OU=Finance,OU=Germany,DC=example,DC=net
# member of group
# Require ldap-group CN=Finance Department,OU=Finance,OU=Germany,DC=example,DC=net
</Location>
Restart apache server
[codesyntax lang="bash"]
/etc/init.d/apache2 restart
[/codesyntax]
That's it!
0 Comentarii.