Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by RiciLake: http://wiki.apache.org/httpd/UseLDAPToPasswordProtectAFolder The comment on the change is: Mention mod_authz_user, tried to get the list of needed modules right. ------------------------------------------------------------------------------ ||!AuthType Basic|| ||This line tells apache to use Basic authentication. This sends the user's password in plain text and should normally only be used with SSL.|| ||!AuthName LDAP_Auth_Test|| ||This is the realm name that will be displayed in the login box presented by your browser.|| ||!AuthBasicProvider ldap|| ||This line instructs apache to use only LDAP for authentication. You can have multiple entries on one line, if you want to use multiple methods, but that is beyond the scope of this document.|| - ||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent other authorization modules from authenticating users. This is necessary to allow the 'require valid-users' below to work, since we are only using LDAP to authenticate in this example.|| + ||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent other authorization modules from authenticating users. This is necessary to allow the ''require valid-users'' below to work, since it is implemented by ''mod_authz_user''. In this example, we are only using LDAP to authenticate users.|| ||AuthLDAPBindDN|| ||Bind to the LDAP server for all operations using a specific user ID. In this case we will use ''cn=apacheldap,dc=mydomain,dc=com'' (this is the account we mentioned earlier in the document).|| ||AuthLDAP!BindPassword|| ||Bind to the LDAP server for all operations using a specific password. In this case '' 'letmein' ''|| ||AuthLDAPURL ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which server and path to use to authenticate against. In this example, Apache will check all entries in the local LDAP server in the tree ''dc=mydomain,dc=com'' for an entry whose ''cn'' (common name) field matches. This means when prompted by your browser for a username, you should enter your full name. You could set this to ''sn'', ''uid'', or any other attribute which is present in the LDAP entries. Note that the attribute does not have to be the one which is used for the entry's distinguished name.|| @@ -72, +72 @@ === Steps === 1. Build Apache with LDAP support. - 1. Use the !LoadModule statement to load the module into Apache at startup. + 1. Make sure that ''mod_ldap'', ''mod_authnz_ldap'', ''mod_authz_user'' and ''mod_auth_basic'' are loaded with !LoadModule directives, if necessary. (Some of these may be compiled statically into your Apache.) 1. Follow the instructions above, to secure the <Directory>. 1. Restart Apache and test. 1. Enjoy!
