Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/Recipies/UseLDAPToPasswordProtectAFolder The comment on the change is: copied from ebp-moin New page: == Use LDAP to password protect a Folder == In this How-To guide, we will show you how to add LDAP authentication to your Apache web server. === Prerequisites === For this you are going to need the following :: ||OpenLDAP|| ||http://www.openldap.org/software/download/|| ||OpenLDAP is going to be our LDAP Server.|| ||Apache HTTP Server|| ||http://httpd.apache.org/download.cgi|| ||Apache HTTP Server...|| ||PHPLDAPAdmin|| ||http://phpldapadmin.sourceforge.net/|| ||PHPLDAPAdmin is a web based LDAP editing tool|| Ok, for the purpose of this document, we will show you how to add the required statements, to a !VirtualHost. [[BR]] This is an example !VirtualHost stanza {{{ <VirtualHost *:80> Servername www.myserver.com DocumentRoot /home/www <Directory "/home/www"> Options FollowSymLinks Includes AllowOverride None Order allow,deny Allow from all # -- LDAP Auth Begins Here -- # AuthType Basic AuthName LDAP_Auth_Test AuthBasicProvider ldap AuthzLDAPAuthoritative OFF AuthLDAPBindDN cn=apacheldap,dc=mydomain,dc=com AuthLDAPBindPassword letmein AuthLDAPURL ldap://localhost/dc=mydomain,dc=com?cn?sub require valid-user # -- LDAP Auth Ends Here -- # </Directory> </VirtualHost> }}} Some of the statements may look familiar to you, as you may have used them within a .htaccess in the past. [[BR]] [[BR]]In the example below we will be using a specific account in LDAP to allow Apache to 'bind' to LDAP in order to authenticate all incoming requests. For this you will need to create one such account, we use the example 'apacheldap' below. [[BR]] === LDAP Directives === [[BR]] We will now step though each line of the LDAP authentication stages, and explain what they do: [[BR]] [[BR]] ||!AuthType Basic|| ||This line tells apache to use Basic authentication. This is essentially a Plain Text authentication session.|| ||!AuthName LDAP_Auth_Test|| ||This is basically the realm name that will be displayed in the login box presented by your browser.|| ||!AuthBasicProvider ldap|| ||This line instructs apache to use only LDAP for authentication. You can have multiple entries on one line, if you want to use multiple methods, but that is beyond the scope of this document.|| ||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent over authz modules from authenticating users. This is not a real issue in this example, but we will leave it switched off for simplicity's sake.|| ||AuthLDAPBindDN|| ||Bind to the LDAP server for all operations using a specific user ID. In this case we will use ''cn=apacheldap,dc=mydomain,dc=com'' (this is the account we mentioned earlier in the document).|| ||AuthLDAP!BindPassword|| ||Bind to the LDAP server for all operations using a specific password. In this case '' 'letmein' ''|| ||AuthLDAPURL !ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server, and path to use to authenticate against. In this example, Apache will check the local LDAP server, in tree ''dc=mydomain,dc=com'', and it will then search for cn fields, recursively. If we use ''cn=apacheldap,dc=mydomain,dc=com'' as an example, you will notice that the cn for the apacheldap account in ''apacheldap''. This means when prompted by your browser for a username, you should ebter your canonical name. You can set this to sn, gn, etc and then you will be required to login as your first name, or surname.|| ||require valid-user|| ||This line instrcucts Apache to ensure the username entered in the browser matches that of one in the LDAP tree.|| === Steps === 1. Build Apache with LDAP support. 1. Use the !LoadModule statement to load the module into Apache at Startup. 1. Follow the instructions above, to secure the <Directory>. 1. Restart Apache and test. 1. Enjoy!
