On Wed, 23 Mar 2016 14:40:41 +0000 (UTC), Mary Kao <[email protected]> wrote:

> Thank you very much. I think I would like to avoid the use of
> posixAccount and shadowAccount. Does anyone have a simpler LDIF
> containing uid and password?

As your object provides an attribute 'uid:christine', you don't have to
rewrite the DN, man slapd.conf(5) provides some hints how to solve your
problem. In particular read on authid-rewrite and authz-regexp.

> Also, how does Apache httpd pick up the value for "uid"?

This depends on the apache module configured, but you may read on
apache mod_authnz_ldap, as mod_auth_ldap is not supported any more.
http://httpd.apache.org/docs/current/howto/auth.html

-Dieter

>
> Thank you,
> Mary
>
>
> On Wednesday, March 23, 2016 4:42 AM, Saša-Stjepan Bakša
> <[email protected]> wrote:
>
> Hi,
>
> Maybe this will help you. I am using this for testing purpose and I
> am sure that there are some more secure examples but ... This is a
> test user, test group and test apache2 config part:
>
> User:
>
> dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> gidNumber: 27782
> givenName: Proba
> sn: Test
> displayName: Proba Test
> uid: ptest
> homeDirectory: /home/ptest
> gecos: This is a test user
> loginShell: /bin/bash
> shadowFlag: 0
> shadowMin: 0
> shadowMax: 99999
> shadowWarning: 0
> shadowInactive: 99999
> shadowLastChange: 12011
> shadowExpire: 99999
> cn: Proba Test
> uidNumber: 51893
> userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
> mail: [email protected]
>
> Group:
>
> dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
> objectClass: posixGroup
> objectClass: top
> cn: proba
> memberUid: ptest
> memberUid: labadmin
> gidNumber: 28370
>
> Apache config:
>
> <Directory /var/www>
> #Options Indexes FollowSymLinks MultiViews
> AllowOverride AuthConfig
> Order allow,deny
> allow from all
> </Directory>
>
> <Location />
> AuthType Basic
> AuthName "Software"
> AuthBasicProvider ldap
> AuthLDAPURL "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid"
> AuthLDAPGroupAttributeIsDN off
> AuthLDAPGroupAttribute memberUid
> Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
> </Location>
>
>
> On 22 March 2016 at 22:22, Cole <[email protected]> wrote:
>
> Hi Mary,
>
> If this is similar to ssh auth against LDAP using uid, the dn would
> look like the following
> dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
>
> Now I am not sure how Apache does the lookup, but if I am wrong, maybe
> someone else can reply.
>
> Regards
> /Cole
>
> On 22 March 2016 at 21:33, Mary Kao <[email protected]> wrote:
> > Hello,
> >
> > This is a real newbie question ::)
> >
> > I have configured apache httpd to use LDAP for basic authentication
> > (userid and password).
> > I am not sure what the directory DN should look like when using
> > "uid" rather than "cn"?
> >
> > In my LDAP directory I have:
> >
> > dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: uidObject
> > cn: Christine Smith
> > sn: Smith
> > uid: christine
> > userPassword:: Y2hyaXN0aW5l
> >
> >
> > Where do I put the "uid" so that when the httpd sends over the uid
> > the ldap server will search on it?
> >
> > Thank you,
> > Mary

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E

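The search-then-bind lookup that mod_authnz_ldap performs for an AuthLDAPURL ending in `?uid`, sketched as an added example that is not part of the original thread: the HTTP username is matched against the `uid` attribute under the base DN, and the bind then uses whatever DN the matching entry has, so a `cn=`-based DN works unchanged. The in-memory `DIRECTORY`, the host `ldap.example.com` and all function names are assumptions for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

# Hypothetical AuthLDAPURL for the directory in the original question.
URL = "ldap://ldap.example.com:389/ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com?uid"

# Constructed in-memory stand-in for the LDAP server: the entry from the
# question, whose DN is built on cn while uid is only an attribute.
DIRECTORY = {
    "cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com": {
        "uid": "christine",
        # "userPassword:: Y2hyaXN0aW5l" in LDIF is base64 of the stored value
        "userPassword": base64.b64decode("Y2hyaXN0aW5l").decode(),
    },
}

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, with defaults."""
    parts = urlsplit(url)
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return (unquote(parts.path.lstrip("/")), attr or "uid",
            scope or "sub", flt or "(objectClass=*)")

def escape_filter_value(value):
    """RFC 4515 escaping so the HTTP username cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_search_filter(url, username):
    """Filter sent in the search phase: (&(filter)(attribute=username))."""
    _, attr, _, flt = parse_auth_ldap_url(url)
    return f"(&{flt}({attr}={escape_filter_value(username)}))"

def search_then_bind(url, username, password):
    """Return the DN that authenticated, or None."""
    base, attr, _, _ = parse_auth_ldap_url(url)
    if not password:      # empty password would be an unauthenticated bind (RFC 4513)
        return None
    hits = [dn for dn, entry in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and entry.get(attr, "").lower() == username.lower()]
    if len(hits) != 1:    # zero or ambiguous matches must fail
        return None
    dn = hits[0]
    return dn if DIRECTORY[dn]["userPassword"] == password else None
```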