Apache - LDAP

From Skytech
Revision as of 08:03, 17 September 2013 by Martin (talk | contribs)



Basic auth

Add LDAP authentication inside a virtual host:

                Options -Indexes
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Site of Überness"
                AuthLDAPURL ldap://ldapserver.skytech.dk/dc=skytech,dc=dk?uid
                AuthzLDAPAuthoritative on
                AuthLDAPGroupAttribute memberUid
                AuthLDAPGroupAttributeIsDN off

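                ## Option 1: any user who can authenticate is allowed
                Require valid-user

                ## Option 2: the user must be a member of a specific group.
                ## Add multiple ldap-group lines to allow multiple groups.
                ## Use this instead of "Require valid-user": Require lines are alternatives,
                ## so leaving valid-user in place admits every authenticated user.
                Require ldap-group cn=emp,cn=groups,dc=skytech,dc=dk
                Require ldap-group cn=ninja,cn=groups,dc=skytech,dc=dk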

LDAP auth unless from certain ip/network

First, enable the LDAP modules in Apache (assuming Debian here):

a2enmod ldap
a2enmod authnz_ldap

Using the basic auth from before, just two more things are needed:

The normal allow/deny rules

                Order allow,deny
                allow from 192.168.0

                <INSERT LDAP AUTH FROM ABOVE>

                ## Allow either based on allow from clauses or via ldap auth
                Satisfy Any
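
Who actually gets in under these rules can be checked with a small model. The Python below is an added example, not part of the original wiki page and not Apache code: it is a simplified model of how Apache 2.2 combines "Order allow,deny", the Require lines and Satisfy. The users alice and bob, their group memberships and the client addresses are constructed sample values.

```python
# Added example: simplified model of Apache 2.2 access evaluation, not Apache code.
EMP = "cn=emp,cn=groups,dc=skytech,dc=dk"
NINJA = "cn=ninja,cn=groups,dc=skytech,dc=dk"
ALLOW_FROM = ["192.168.0"]                        # "allow from 192.168.0"
GROUPS_ONLY = [("ldap-group", EMP), ("ldap-group", NINJA)]
AS_LISTED = [("valid-user", None)] + GROUPS_ONLY  # both variants left enabled


def host_allowed(client_ip, allow_from):
    """Order allow,deny without Deny lines: pass only if an Allow entry matches.
    A partial address matches on whole leading octets (192.168.0 = 192.168.0.x)."""
    octets = client_ip.split(".")
    return any(octets[:len(p)] == p
               for p in (spec.rstrip(".").split(".") for spec in allow_from))


def require_ok(user, groups, requires):
    """user is None when no valid LDAP credentials were sent.
    Require lines are alternatives: one match is enough."""
    if user is None:
        return False
    return any(kind == "valid-user" or (kind == "ldap-group" and value in groups)
               for kind, value in requires)


def access_granted(client_ip, user, groups, requires, satisfy="Any"):
    """Satisfy Any: host rule OR auth passes. Satisfy All: both must pass."""
    host = host_allowed(client_ip, ALLOW_FROM)
    auth = require_ok(user, groups, requires)
    return (host or auth) if satisfy.lower() == "any" else (host and auth)


if __name__ == "__main__":
    # Constructed sample requests: (client address, user, user's groups)
    samples = [
        ("192.168.0.17", None, set()),      # internal, no credentials
        ("192.168.10.4", None, set()),      # different subnet, no credentials
        ("203.0.113.5", "alice", {EMP}),    # external, group member
        ("203.0.113.5", "bob", set()),      # external, valid user, no group
    ]
    for ip, user, groups in samples:
        print(ip, user,
              "groups-only:", access_granted(ip, user, groups, GROUPS_ONLY),
              "as-listed:", access_granted(ip, user, groups, AS_LISTED))
```

With Satisfy Any, clients in 192.168.0.x are never asked for a password, so the allow range alone decides who skips LDAP.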