Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by RiciLake: http://wiki.apache.org/httpd/UseLDAPToPasswordProtectAFolder The comment on the change is: More fixups, changed "Canonical Name" to the correct "common name", etc. ------------------------------------------------------------------------------ ||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent other authorization modules from authenticating users. This is necessary to allow the 'require valid-users' below to work, since we are only using LDAP to authenticate in this example.|| ||AuthLDAPBindDN|| ||Bind to the LDAP server for all operations using a specific user ID. In this case we will use ''cn=apacheldap,dc=mydomain,dc=com'' (this is the account we mentioned earlier in the document).|| ||AuthLDAP!BindPassword|| ||Bind to the LDAP server for all operations using a specific password. In this case '' 'letmein' ''|| - ||AuthLDAPURL !ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server and path to use to authenticate against. In this example, Apache will check the local LDAP server, in tree ''dc=mydomain,dc=com'', and it will then search for cn fields, recursively. If we use ''cn=apacheldap,dc=mydomain,dc=com'' as an example, you will notice that the cn for the apacheldap account in ''apacheldap''. This means when prompted by your browser for a username, you should enter your canonical name. You can set this to sn, gn, etc and then you will be required to login as your first name, or surname.|| + ||AuthLDAPURL ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server and path to use to authenticate against. In this example, Apache will check all entries in the local LDAP server in the tree ''dc=mydomain,dc=com'' for an entry whose ''cn'' (common name) field matches. This means when prompted by your browser for a username, you should enter your full name. You could set this to ''sn'', ''uid'', or any other attribute which is present in the LDAP entries. Note that the attribute does not have to be the one which is used for the entry's distinguished name.|| - ||Require valid-user|| ||This line instructs Apache to give access to anyone whose identity has been authenticated. Using the authnorization component of mod_authnz_ldap, you could restrict access further, for example to members of an LDAP group.|| + ||Require valid-user|| ||This line instructs Apache to give access to anyone whose identity has been authenticated. Using the authorization component of mod_authnz_ldap, you could restrict access further, for example to members of an LDAP group.|| === Steps ===
