Apache - LDAP

From Skytech
Revision as of 08:03, 17 September 2013 by Martin (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


Apache - LDAP

Basic auth

Add LDAP auth inside a virtual server: 

                Options -Indexes
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Site of Überness"
                AuthLDAPURL ldap://ldapserver.skytech.dk/dc=skytech,dc=dk?uid
                AuthzLDAPAuthoritative on
                AuthLDAPGroupAttribute memberUid
                AuthLDAPGroupAttributeIsDN off

                ## If user should just exists
                Require valid-user   

                ## If you want a user to member of a specific group.  
                ## Add multiple ldap-group lines for allowing multiple groups
                Require ldap-group cn=emp,cn=groups,dc=skytech,dc=dk  
                Require ldap-group cn=ninja,cn=groups,dc=skytech,dc=dk

LDAP auth unless from certain ip/network

First, enable LDAP modules in apache (assuming debian here): 

a2enmod ldap
a2enmod authnz_ldap

Using the basic auth from before just two more things are needed:

The normal allow/deny rules 

                Order allow,deny
                allow from 192.168.0

                <INSERT LDAP AUTH FROM ABOVE>

                ## Allow either based on allow from clauses or via ldap auth
                Satisfy Any
Retrieved from "https://wiki.skytech.dk/index.php?title=Apache_-_LDAP&oldid=2048"