Enable LDAP authentication in Apache

Assuming you have a LDAP server somewhere and you don't want to authenticate users via htpasswd file anymore... I mean, having all your users in one place is a good thing - it's debatable, but in general is a good thing, right?

Now, the technical part...

My LDAP structure is like this:
- groups: cn=group,ou=groups,dc=example,dc=com
- users: uid=firstname.lastname,ou=users,dc=example,dc=com

Next... apache2...

[codesyntax lang="bash"]

a2enmod authnz_ldap


Add this inside your virtualhost.

<Location />
        Order allow,deny
        Allow from all
        Deny from all
        AuthName "Boo..."
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative on

        # Search user
        AuthLDAPURL ldap://IP-DOMAIN-CONTROLLER:389/ou=users,dc=example,dc=com?uid

        # Use this user to bind to LDAP
        AuthLDAPBindDN "uid=ldapauthuser,ou=users,dc=example,dc=com"
        AuthLDAPBindPassword "password"
        Require valid-user
        Satisfy any

        # More restrictions!
        # specific user
        #   Require ldap-user john.doe john1.doe john2.doe
        # specific user by DN
        #   Require ldap-dn CN=John Doe,OU=Finance,OU=Germany,DC=example,DC=net
        # member of group
        #   Require ldap-group CN=Finance Department,OU=Finance,OU=Germany,DC=example,DC=net

Restart apache server

[codesyntax lang="bash"]

/etc/init.d/apache2 restart


That's it!

Scrie si tu o vorbulita

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.