Configuring LDAP based authentication for apache
To configure LDAP-based authentication for Apache:
- Install the mod_authz_ldap package using 'yum -y install mod_authz_ldap'.
- For the appropriate Location or VirtualHost, configure authentication using:
  - Options all
  - AllowOverride All
  - Order deny,allow
  - Deny from All
  - AuthType Basic
  - AuthName "Test1 SVN repository"
  - AuthBasicProvider ldap
  - AuthzLDAPAuthoritative on
  - AuthLDAPURL ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid
  - AuthLDAPGroupAttribute memberUid
  - AuthLDAPGroupAttributeIsDN off
  - Require ldap-group cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in
  - Require ldap-attribute gidNumber=501
  - Satisfy any
Note:
- 'Satisfy any' ensures that only one of the Require lines needs to succeed for authentication to succeed. Hence we can allow additional users using any of the following:
  - Require ldap-user
  - Require ldap-dn
  - Require ldap-attribute
  - Require ldap-filter
  If any of the above matches, authentication is considered successful.
Note: for the above settings to work, the server must be able to resolve ldap.virtual-labs.ac.in to an IP address. A simple way of achieving this is to add the mapping '10.4.12.152 ldap.virtual-labs.ac.in' to the '/etc/hosts' file.
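To see who the two Require lines above actually admit, the following Python sketch (an added example, not part of the original page and not Apache's code) models the authorization step against a small constructed directory. It assumes the password check has already succeeded; the users alice, bob and carol, the directory contents and the function names are hypothetical.

```python
CONFIG = """\
AuthLDAPURL ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in
Require ldap-attribute gidNumber=501
"""
PEOPLE = "ou=people,dc=virtual-labs,dc=ac,dc=in"
DIRECTORY = {  # constructed sample entries (DN -> attributes); users are hypothetical
    "uid=alice," + PEOPLE: {"uid": ["alice"], "gidNumber": ["500"]},
    "uid=bob," + PEOPLE: {"uid": ["bob"], "gidNumber": ["501"]},
    "uid=carol," + PEOPLE: {"uid": ["carol"], "gidNumber": ["502"]},
    "cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in": {"memberUid": ["alice"]},
}

def parse_config(text):
    """Split directives into single-valued settings and the list of Require rules."""
    settings, requires = {}, []
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name == "Require":
            requires.append(tuple(value.split(" ", 1)))
        elif name:
            settings[name] = value
    return settings, requires

def find_user_dn(settings, directory, username):
    """Find the entry below the AuthLDAPURL base DN whose search attribute is the login."""
    base, _, attr = settings["AuthLDAPURL"].split("/", 3)[3].partition("?")
    return next((dn for dn, attrs in directory.items() if username in attrs.get(attr, [])
                 and dn.lower().endswith("," + base.lower())), None)

def matching_requires(text, directory, username):
    """Return the Require types the user satisfies; one match is enough for access."""
    settings, requires = parse_config(text)
    dn = find_user_dn(settings, directory, username)
    matched = []
    for kind, arg in (requires if dn else []):
        if kind == "ldap-group":
            # IsDN off: the login name, not the user's DN, is looked up in the group attribute
            who = dn if settings["AuthLDAPGroupAttributeIsDN"].lower() == "on" else username
            if who in directory.get(arg, {}).get(settings["AuthLDAPGroupAttribute"], []):
                matched.append(kind)
        elif kind == "ldap-attribute":
            attr, _, want = arg.partition("=")
            if want in directory[dn].get(attr, []):
                matched.append(kind)
    return matched

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, matching_requires(CONFIG, DIRECTORY, user) or "denied")
```

In this sample, bob is admitted through gidNumber=501 alone without being a member of the admin group, so the gidNumber line widens access beyond the group.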