Configuring LDAP based authentication for apache

Revision as of 10:18, 7 November 2012 by Saurabh

To configure LDAP-based authentication for Apache:

  1. Install the mod_authz_ldap package using 'yum -y install mod_authz_ldap'
  2. For the appropriate Location or VirtualHost, configure authentication using:
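    Options all
    AllowOverride All
    # Deny by host; with "Satisfy any" below, access then depends on authentication
    Order deny,allow
    Deny from All
    AuthType Basic
    AuthName "Test1 SVN repository"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    # Search under ou=people for the entry whose uid equals the login name
    AuthLDAPURL ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid
    # Group members are listed as plain login names in memberUid, not as DNs
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in
    Require ldap-attribute gidNumber=501
    Satisfy any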

Note:

  • Satisfy any ensures that only one of the Require lines needs to succeed for authentication to succeed. Hence additional users can be allowed using any of the following:
    • Require ldap-user
    • Require ldap-dn
    • Require ldap-attribute
    • Require ldap-filter
    If any of the above matches, authentication is considered successful.

Note: for the above settings to work, the server must be able to resolve ldap.virtual-labs.ac.in to an IP address. A simple way of achieving this is to add the mapping '10.4.12.152 ldap.virtual-labs.ac.in' to the '/etc/hosts' file.
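
As an added illustration (not part of the original page and not Apache's own code), this Python model reproduces the authorization step of the configuration above: which Require line lets a given login through, and what AuthLDAPGroupAttributeIsDN changes. It assumes the password bind has already succeeded; the users alice, bob and carol, their directory entries and the function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Directive values copied from the configuration on this page.
AUTH_LDAP_URL = "ldap://ldap.virtual-labs.ac.in:389/ou=people,dc=virtual-labs,dc=ac,dc=in?uid"
GROUP_ATTRIBUTE = "memberUid"  # AuthLDAPGroupAttribute
REQUIRES = [("ldap-group", "cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in"),
            ("ldap-attribute", "gidNumber=501")]

# Constructed sample directory with hypothetical users: DN -> attributes.
PEOPLE = "ou=people,dc=virtual-labs,dc=ac,dc=in"
DIRECTORY = {
    f"uid=alice,{PEOPLE}": {"uid": ["alice"], "gidNumber": ["500"]},
    f"uid=bob,{PEOPLE}": {"uid": ["bob"], "gidNumber": ["501"]},
    f"uid=carol,{PEOPLE}": {"uid": ["carol"], "gidNumber": ["502"]},
    "cn=admin,ou=groups,dc=virtual-labs,dc=ac,dc=in": {"memberUid": ["alice"]},
}

def parse_auth_ldap_url(url):
    """Return (search base, login attribute) from an AuthLDAPURL value."""
    parts = urlsplit(url)
    return parts.path.lstrip("/"), parts.query.split("?")[0] or "uid"

def find_user(username):
    """Return (dn, entry) when exactly one entry under the base matches the login name."""
    base, attribute = parse_auth_ldap_url(AUTH_LDAP_URL)
    hits = [(dn, e) for dn, e in DIRECTORY.items()
            if dn.endswith("," + base) and username in e.get(attribute, [])]
    return hits[0] if len(hits) == 1 else None

def matching_requires(username, group_attribute_is_dn=False):
    """List the Require lines the user satisfies; one match is enough for access."""
    dn, entry = find_user(username) or (None, None)
    if entry is None:
        return []
    # IsDN off compares the login name; on compares the user's full DN.
    needle = dn if group_attribute_is_dn else username
    matched = []
    for kind, argument in REQUIRES:
        name, _, value = argument.partition("=")
        if kind == "ldap-group":
            ok = needle in DIRECTORY.get(argument, {}).get(GROUP_ATTRIBUTE, [])
        else:  # ldap-attribute name=value, checked on the user's own entry
            ok = value in entry.get(name, [])
        if ok:
            matched.append(f"{kind} {argument}")
    return matched

if __name__ == "__main__":
    print({u: matching_requires(u) for u in ("alice", "bob", "carol")})
```

Each additional Require line widens access: bob is not in the admin group but is still admitted on gidNumber=501 alone, so review every line as a separate grant.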