Apache - LDAP

From Skytech

Basic auth

Add LDAP auth inside a virtual server:

                Options -Indexes
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Site of Überness"
                AuthLDAPURL ldap://ldapserver.skytech.dk/dc=skytech,dc=dk?uid
                AuthzLDAPAuthoritative on
                AuthLDAPGroupAttribute memberUid
                AuthLDAPGroupAttributeIsDN off

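                ## Use ONE of the two options below. Require lines are ORed, so keeping
                ## "Require valid-user" next to the group lines lets any LDAP user in.

                ## Option 1: the user only has to exist in LDAP
                Require valid-user

                ## Option 2: the user must be a member of a specific group.
                ## Add multiple ldap-group lines to allow multiple groups.
                Require ldap-group cn=emp,cn=groups,dc=skytech,dc=dk
                Require ldap-group cn=ninja,cn=groups,dc=skytech,dc=dk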

LDAP auth unless from certain IP/network

First, enable the LDAP modules in Apache (assuming Debian here):

a2enmod ldap
a2enmod authnz_ldap

Using the basic auth from before, just two more things are needed:

The normal allow/deny rules, plus Satisfy Any:

                Order allow,deny
                allow from 192.168.0

                <INSERT LDAP AUTH FROM ABOVE>

                ## Allow either based on allow from clauses or via ldap auth
                Satisfy Any
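
The directives above are Apache 2.2 syntax: Order, Allow and Satisfy only work on 2.4 through mod_access_compat, and AuthzLDAPAuthoritative was removed. The same policy in 2.4 syntax, as an added example that is not part of the original page (the `<Location "/">` scope is an assumption; hostname, DNs and network are the ones used above):

```apache
# Added example, Apache 2.4 syntax. Place inside the virtual host.
<Location "/">
    Options -Indexes
    AuthType Basic
    AuthName "Site of Überness"
    AuthBasicProvider ldap
    # AuthLDAPURL also accepts ldaps:// or a trailing STARTTLS keyword when the
    # directory server supports it, so the bind password is not sent in clear.
    AuthLDAPURL ldap://ldapserver.skytech.dk/dc=skytech,dc=dk?uid
    # posixGroup-style groups: members are listed by uid, not by DN
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    # AuthzLDAPAuthoritative no longer exists in 2.4 and is left out.

    # Replaces Order/Allow + Satisfy Any: access is granted if ANY line matches.
    <RequireAny>
        # Clients on this network are let in without a password prompt
        Require ip 192.168.0
        # Everyone else must authenticate and be in one of these groups
        Require ldap-group cn=emp,cn=groups,dc=skytech,dc=dk
        Require ldap-group cn=ninja,cn=groups,dc=skytech,dc=dk
    </RequireAny>
    # Do not add "Require valid-user" inside <RequireAny>: it would admit any
    # account in the directory and make the group lines meaningless.
</Location>
```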