Apache - LDAP: Difference between revisions

From Skytech
Jump to navigation Jump to search
(Created page with "Category:Linux = Apache - LDAP = == Basic auth == Add LDAP auth inside a virtual server: <pre> Options -Indexes AuthBasicProvider ldap ...")
 
No edit summary
 
Line 24: Line 24:
</pre>
</pre>


== LDAP auth unless from certain ip/network =
= LDAP auth unless from certain ip/network =
First, enable LDAP modules in apache (assuming debian here):
<pre>
a2enmod ldap
a2enmod authnz_ldap
</pre>

Using the basic auth from before just two more things are needed:
Using the basic auth from before just two more things are needed:


Latest revision as of 08:03, 17 September 2013


Apache - LDAP

Basic auth

Add LDAP auth inside a virtual server: 

                Options -Indexes
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Site of Überness"
                AuthLDAPURL ldap://ldapserver.skytech.dk/dc=skytech,dc=dk?uid
                AuthzLDAPAuthoritative on
                AuthLDAPGroupAttribute memberUid
                AuthLDAPGroupAttributeIsDN off

                ## If user should just exists
                Require valid-user   

                ## If you want a user to member of a specific group.  
                ## Add multiple ldap-group lines for allowing multiple groups
                Require ldap-group cn=emp,cn=groups,dc=skytech,dc=dk  
                Require ldap-group cn=ninja,cn=groups,dc=skytech,dc=dk

LDAP auth unless from certain ip/network

First, enable LDAP modules in apache (assuming debian here): 

a2enmod ldap
a2enmod authnz_ldap

Using the basic auth from before just two more things are needed:

The normal allow/deny rules 

                Order allow,deny
                allow from 192.168.0

                <INSERT LDAP AUTH FROM ABOVE>

                ## Allow either based on allow from clauses or via ldap auth
                Satisfy Any
Retrieved from "https://wiki.skytech.dk/index.php?title=Apache_-_LDAP&oldid=2048"