Configuring LDAP based authentication for apache

To configure LDAP based authentication for apache use:

1. Install mod_authz_ldap package using 'yum -y install mod_authz_ldap'
2. For the appropriate Location or VirtualHost configure authentication using:

   Options all
   AllowOverride All
   Order deny,allow
   Deny from All
   AuthType Basic
   AuthName "Test1 SVN repository"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative on
   AuthLDAPURL ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off
   Require ldap-group cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in
   Require ldap-attribute gidNumber=501
   Satisfy any

Note:

• Satisfy any ensures that only one of the require line needs to succed for authentication to succeed. Hence we can allow additional users using following:
  • Require ldap-user
  • Require ldap-dn
  • Require ldap-attribute
  • Require ldap-filter

  where if any of the above match succeeds authentication would be considered as successful.

Note for above settings to work, server must be able to resolve ldap.virtual-labs.ac.in to IP address. A simple way of achieving this is by adding '10.4.12.152 ldap.virtual-labs.ac.in' mapping to '/etc/hosts' file.

Back to Apache web server configuration