Configuring LDAP based authentication for apache

From Notes_Wiki
Revision as of 23:14, 17 November 2012 by Saurabh (talk | contribs)

Configuring LDAP based authentication for apache

To configure LDAP based authentication for apache use:

  1. Install mod_authz_ldap package using 'yum -y install mod_authz_ldap'
  2. For the appropriate Location or VirtualHost configure authentication using: 
    Options all
    

    AllowOverride All
    

    Order deny,allow
    

    Deny from All
    

    AuthType Basic
    

    AuthName "Test1 SVN repository"
    

    AuthBasicProvider ldap
    

    AuthzLDAPAuthoritative on
    

    AuthLDAPURL ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid
    

    AuthLDAPGroupAttribute memberUid
    

    AuthLDAPGroupAttributeIsDN off
    

    Require ldap-group cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in
    

    Require ldap-attribute gidNumber=501
    

    Satisfy any

Note:

  • Satisfy any ensures that only one of the require line needs to succed for authentication to succeed. Hence we can allow additional users using following:
    • Require ldap-user
    • Require ldap-dn
    • Require ldap-attribute
    • Require ldap-filter
    where if any of the above match succeeds authentication would be considered as successful.

Note for above settings to work, server must be able to resolve ldap.virtual-labs.ac.in to IP address. A simple way of achieving this is by adding '10.4.12.152 ldap.virtual-labs.ac.in' mapping to '/etc/hosts' file.


Back to Apache web server configuration

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Configuring_LDAP_based_authentication_for_apache&oldid=538"