Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by noodl: http://wiki.apache.org/httpd/UseLDAPToPasswordProtectAFolder The comment on the change is: Typos, htaccess misuse & remove reference to unused phpldapadmin ------------------------------------------------------------------------------ ||OpenLDAP|| ||http://www.openldap.org/software/download/|| ||OpenLDAP is going to be our LDAP Server.|| ||Apache HTTP Server|| ||http://httpd.apache.org/download.cgi|| ||Apache HTTP Server...|| - ||PHPLDAPAdmin|| ||http://phpldapadmin.sourceforge.net/|| ||PHPLDAPAdmin is a web based LDAP editing tool|| Ok, for the purpose of this document, we will show you how to add the required statements, to a !VirtualHost. @@ -51, +50 @@ }}} - Some of the statements may look familiar to you, as you may have used them within a .htaccess in the past. + Some of the statements may look familiar to you, as you may have used them for authentication in the past. [[BR]] [[BR]]In the example below we will be using a specific account in LDAP to allow Apache to 'bind' to LDAP in order to authenticate all incoming requests. For this you will need to create one such account, we use the example 'apacheldap' below. [[BR]] @@ -67, +66 @@ ||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent over authz modules from authenticating users. This is not a real issue in this example, but we will leave it switched off for simplicity's sake.|| ||AuthLDAPBindDN|| ||Bind to the LDAP server for all operations using a specific user ID. In this case we will use ''cn=apacheldap,dc=mydomain,dc=com'' (this is the account we mentioned earlier in the document).|| ||AuthLDAP!BindPassword|| ||Bind to the LDAP server for all operations using a specific password. In this case '' 'letmein' ''|| - ||AuthLDAPURL !ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server, and path to use to authenticate against. 
In this example, Apache will check the local LDAP server, in tree ''dc=mydomain,dc=com'', and it will then search for cn fields, recursively. If we use ''cn=apacheldap,dc=mydomain,dc=com'' as an example, you will notice that the cn for the apacheldap account in ''apacheldap''. This means when prompted by your browser for a username, you should ebter your canonical name. You can set this to sn, gn, etc and then you will be required to login as your first name, or surname.|| + ||AuthLDAPURL !ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server and path to use to authenticate against. In this example, Apache will check the local LDAP server, in tree ''dc=mydomain,dc=com'', and it will then search for cn fields, recursively. If we use ''cn=apacheldap,dc=mydomain,dc=com'' as an example, you will notice that the cn for the apacheldap account in ''apacheldap''. This means when prompted by your browser for a username, you should enter your canonical name. You can set this to sn, gn, etc and then you will be required to login as your first name, or surname.|| - ||Require valid-user|| ||This line instrcucts Apache to ensure the username entered in the browser matches that of one in the LDAP tree.|| + ||Require valid-user|| ||This line instructs Apache to ensure the username entered in the browser matches that of one in the LDAP tree.|| === Steps === 1. Build Apache with LDAP support. - 1. Use the !LoadModule statement to load the module into Apache at Startup. + 1. Use the !LoadModule statement to load the module into Apache at startup. 1. Follow the instructions above, to secure the <Directory>. 1. Restart Apache and test. 1. Enjoy!
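Review bot: in the first hunk (the software table), the row kept beside the removed PHPLDAPAdmin entry still describes Apache HTTP Server only as "Apache HTTP Server...", which reads as an unfinished placeholder next to the OpenLDAP description. Since this change tidies that table, give the row a real description. The trailing context sentence also carries a stray comma in "the required statements, to a !VirtualHost".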
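Review bot: in the @@ -51, +50 hunk, the context paragraph tells the reader to create the 'apacheldap' bind account but never says what access that account needs. Suggest adding that it only has to search and read entries under ''dc=mydomain,dc=com'', so it should be given no write access to the directory. The same sentence ("For this you will need to create one such account, we use the example 'apacheldap' below.") is a comma splice and would read better as two sentences.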
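Review bot: in the @@ -67, +66 hunk, the rewritten AuthLDAPURL row still says "the cn for the apacheldap account in ''apacheldap''", where "in" should be "is", and the AuthzLDAPAuthoritative context row still has "over authz modules" for "other authz modules"; both belong in a change described as fixing typos. Two further points on the same table: the Require valid-user row speaks only of the username matching an entry in the LDAP tree and should say that the user must authenticate successfully, and the AuthLDAP!BindPassword row shows the bind password ('letmein') as plain text in the configuration without telling the reader to restrict read permissions on the file that holds it.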
