Hi Ivars

Many thanks, that's just what I was looking for.
Sorry about the iPad, it should be ipa but it seems I am a victim of autocorrect 🤣

Regards
Per

Sent from my Commodore 64

> On 8 Aug 2017, at 18:07, Ivars Strazdiņš via FreeIPA-users <[email protected]> wrote:
>
> Hi Per,
> could you define “working configuration” requirements and what’s iPad specific?
> Anyway, below is my setup with CentOS Apache to authenticate against IPA via LDAP using either username (uid) or e-mail. No Kerberos or GSSAPI used, just “pure” LDAP.
> Please note, IPA group “shareusers” membership is required. IPA host is im.example.com
> With kind regards,
> Ivars
>
> File /etc/httpd/access/ldap.conf
>
> AuthName "File service login"
> # AuthBasicProviders are defined in ../conf.d/00-ldap.conf
> AuthBasicProvider ldap-uid ldap-mail
> AuthType Basic
>
> # Even if AuthLDAPURL is defined in AuthnProviderAlias in ../conf.d/00-ldap.conf and processed earlier
> # these directives are mandatory to authorize after authentication
> AuthLDAPURL ldaps://im.example.com/cn=users,cn=accounts,dc=example,dc=com?mail?sub?(memberOf=cn=shareusers,cn=groups,cn=accounts,dc=example,dc=com)
> AuthLDAPInitialBindAsUser On
> AuthLDAPSearchAsUser On
> AuthLDAPCompareAsUser On
>
>
> File /etc/httpd/conf.d/00-ldap.conf
>
> LDAPTrustedGlobalCert CA_BASE64 /etc/ipa/ca.crt
>
> # AuthnProviderAlias must be defined here, it cannot be in VirtualHost
> # because ../access/ldap.conf is VirtualHost level
>
> # ldap-mail is tried last (after ldap-uid)
> <AuthnProviderAlias ldap ldap-mail>
> AuthLDAPURL ldaps://im.example.com/cn=users,cn=accounts,dc=example,dc=com?mail?sub?(memberOf=cn=shareusers,cn=groups,cn=accounts,dc=example,dc=com)
> # this one (last) must be authoritative
> # AuthLDAPBindAuthoritative off
> AuthLDAPInitialBindAsUser On
> AuthLDAPSearchAsUser On
> AuthLDAPCompareAsUser On
> AuthLDAPInitialBindPattern (.+)\@(.+) uid=$1,cn=users,cn=accounts,dc=example,dc=com
> </AuthnProviderAlias>
>
> # ldap-uid is tried first
> <AuthnProviderAlias ldap ldap-uid>
> AuthLDAPURL ldaps://im.example.com/cn=users,cn=accounts,dc=example,dc=com?uid?sub?(memberOf=cn=shareusers,cn=groups,cn=accounts,dc=example,dc=com)
> # first one is NOT authoritative
> AuthLDAPBindAuthoritative off
> AuthLDAPInitialBindAsUser On
> AuthLDAPSearchAsUser On
> AuthLDAPCompareAsUser On
> AuthLDAPInitialBindPattern (.+) uid=$1,cn=users,cn=accounts,dc=example,dc=com
> </AuthnProviderAlias>
>
>
>> On 8 Aug 2017, at 15:11, Per Qvindesland via FreeIPA-users <[email protected]> wrote:
>>
>> Hi All
>>
>> Does anyone have any working mod_ldap configuration for CentOS 7 with Apache 2.4.6 with iPad to share?
>>
>> Regards
>> Per
>>
>> _______________________________________________
>> FreeIPA-users mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
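
Added example, not part of the original thread and not Apache's own code: a Python trace of what each provider alias in the quoted configuration does with a login, assuming mod_authnz_ldap applies the AuthLDAPInitialBindPattern substitution to the login and searches with (&(filter)(attribute=login)) as its documentation describes. The function names and the three logins are constructed for illustration; the third login shows that the ldap-mail alias binds as the e-mail local-part, so it only succeeds where that local-part equals the uid.

```python
import re

BASE = "cn=users,cn=accounts,dc=example,dc=com"
GROUP = "(memberOf=cn=shareusers,cn=groups,cn=accounts,dc=example,dc=com)"
# (alias, AuthLDAPURL, bind pattern, bind substitution), in AuthBasicProvider order
ALIASES = [
    ("ldap-uid", f"ldaps://im.example.com/{BASE}?uid?sub?{GROUP}",
     r"(.+)", f"uid=$1,{BASE}"),
    ("ldap-mail", f"ldaps://im.example.com/{BASE}?mail?sub?{GROUP}",
     r"(.+)\@(.+)", f"uid=$1,{BASE}"),
]

def parse_authldapurl(url):
    """Split scheme://host/basedn?attribute?scope?filter into its fields."""
    host, _, tail = url.split("://", 1)[1].partition("/")
    base, attr, scope, flt = (tail.split("?", 3) + ["", "", ""])[:4]
    # Documented mod_authnz_ldap defaults for omitted fields
    return {"host": host, "base": base, "attr": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def bind_dn(pattern, subst, login):
    """DN for the initial bind, or None when the pattern does not match."""
    m = re.search(pattern, login)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), subst)

def escape_filter(value):
    """RFC 4515 escaping of filter metacharacters (this example's choice)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def plan(login):
    """What each alias would bind as and search for, in provider order."""
    steps = []
    for name, url, pattern, subst in ALIASES:
        u = parse_authldapurl(url)
        steps.append({"alias": name,
                      "bind_dn": bind_dn(pattern, subst, login),
                      "search": f"(&{u['filter']}({u['attr']}={escape_filter(login)}))"})
    return steps

if __name__ == "__main__":
    # Constructed logins: a uid, a matching e-mail, an e-mail whose local-part is not the uid
    for login in ("alice", "alice@example.com", "a.smith@example.com"):
        for step in plan(login):
            print(login, step["alias"], step["bind_dn"], step["search"], sep=" | ")
```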
