Thank you very much. I think I would like to avoid the use of posixAccount and
shadowAccount. Does anyone have a simpler LDIF containing uid and password?
Also, how does Apache httpd pick up the value for "uid"?
Thank you,
Mary
On Wednesday, March 23, 2016 4:42 AM, Saša-Stjepan Bakša
<[email protected]> wrote:
Hi,
Maybe this will help you. I am using this for testing purposes and I am sure
that there are some more secure examples but ...
This is a test user, test group and test apache2 config part:
User:
dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 27782
givenName: Proba
sn: Test
displayName: Proba Test
uid: ptest
homeDirectory: /home/ptest
gecos: This is a test user
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
cn: Proba Test
uidNumber: 51893
userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
mail: [email protected]
Group:
dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
objectClass: posixGroup
objectClass: top
cn: proba
memberUid: ptest
memberUid: labadmin
gidNumber: 28370
Apache config:
<Directory /var/www>
#Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
<Location />
AuthType Basic
AuthName "Software"
AuthBasicProvider ldap
AuthLDAPURL "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid"
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
</Location>
On 22 March 2016 at 22:22, Cole <[email protected]> wrote:
Hi Mary,
If this is similar to ssh auth against LDAP using uid, the dn would
look like the following
dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
Now I am not sure how Apache does the lookup, but if I am wrong, maybe
someone else can reply.
Regards
/Cole
On 22 March 2016 at 21:33, Mary Kao <[email protected]> wrote:
> Hello,
>
> This is a real newbie question ::)
>
> I have configured apache httpd to use LDAP for basic authentication (userid
> and password).
> I am not sure what the directory DN should look like when using "uid" rather
> than "cn"?
>
> In my LDAP directory I have:
>
> dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: uidObject
> cn: Christine Smith
> sn: Smith
> uid: christine
> userPassword:: Y2hyaXN0aW5l
>
>
> Where do I put the "uid" so that when the httpd sends over the uid the ldap
> server will search on it?
>
> Thank you,
> Mary
>
>
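Added example, not part of the original thread or of httpd's code: mod_authnz_ldap authenticates by search-then-bind, so the attribute named in AuthLDAPURL ("?uid") goes into a search filter, and the DN of the single matching entry is then used for the bind. The sketch below runs that lookup against the entry from the question. The in-memory DIRECTORY, the ldap.example.com host and the RFC 4515 escaping routine are assumptions standing in for a real server and client library.

```python
import base64
import hmac

# Constructed sample: the entry from the question; its DN uses cn, not uid.
USER_DN = "cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com"
DIRECTORY = {
    USER_DN: {
        "cn": ["Christine Smith"], "sn": ["Smith"], "uid": ["christine"],
        # "userPassword::" in LDIF marks base64 transport encoding, not a hash.
        "userPassword": [base64.b64decode("Y2hyaXN0aW5l")],
    },
}
# Assumed URL: ldap.example.com is a placeholder host.
URL = "ldap://ldap.example.com:389/ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com?uid"

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, applying defaults."""
    tail = url.split("://", 1)[1].partition("/")[2]
    base, attr, scope, flt = (tail.split("?") + [""] * 3)[:4]
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # drop one outer pair of parentheses
    return base, attr or "uid", scope or "sub", flt or "objectClass=*"

def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(url, username):
    """The filter sent to the server: (&(filter)(attribute=username))."""
    _, attr, _, flt = parse_auth_ldap_url(url)
    return "(&(%s)(%s=%s))" % (flt, attr, escape_filter_value(username))

def find_user_dn(url, username):
    """Phase 1 (search): exactly one entry under the base must match."""
    base, attr, _, _ = parse_auth_ldap_url(url)
    hits = [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and username.lower() in (v.lower() for v in entry.get(attr, []))]
    return hits[0] if len(hits) == 1 else None

def authenticate(url, username, password):
    """Phase 2 (bind): try the supplied password against the DN found."""
    dn = find_user_dn(url, username)
    if dn is None or not password:  # empty password = unauthenticated bind
        return None
    stored = DIRECTORY[dn]["userPassword"]
    ok = any(hmac.compare_digest(password.encode(), s) for s in stored)
    return dn if ok else None
```

The entry needs only a uid attribute somewhere under the search base; the DN can stay cn=Christine Smith,... because the bind uses whatever DN the search returns.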