httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <>
Subject [Httpd Wiki] Update of "Recipies/UseLDAPToPasswordProtectAFolder" by pctony
Date Mon, 16 Oct 2006 22:38:24 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by pctony:

The comment on the change is:
copied from ebp-moin

New page:
== Use LDAP to password protect a Folder ==

In this How-To guide, we will show you how to add LDAP authentication to your Apache web server.

=== Prerequisites ===

For this you are going to need the following ::

||OpenLDAP|| |||| ||OpenLDAP is going to be our
LDAP Server.||
||Apache HTTP Server|| |||| ||Apache HTTP Server...||
||PHPLDAPAdmin|| |||| ||PHPLDAPAdmin is a web based LDAP
editing tool||

Ok, for the purpose of this document, we will show you how to add the required statements,
to a !VirtualHost.
This is an example !VirtualHost stanza

<VirtualHost *:80>
DocumentRoot /home/www

<Directory "/home/www">
Options FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all

# -- LDAP Auth Begins Here -- #

AuthType Basic
AuthName LDAP_Auth_Test
AuthBasicProvider ldap
AuthzLDAPAuthoritative OFF
AuthLDAPBindDN          cn=apacheldap,dc=mydomain,dc=com
AuthLDAPBindPassword    letmein
AuthLDAPURL ldap://localhost/dc=mydomain,dc=com?cn?sub
require valid-user

# -- LDAP Auth Ends Here -- #

Some of the statements may look familiar to you, as you may have used them within a .htaccess
in the past.
[[BR]]In the example below we will be using a specific account in LDAP to allow Apache to
'bind' to LDAP in order to authenticate all incoming requests.  For this you will need to
create one such account, we use the example 'apacheldap' below.  
=== LDAP Directives ===
We will now step though each line of the LDAP authentication stages, and explain what they

||!AuthType Basic|| ||This line tells apache to use Basic authentication.  This is essentially
a Plain Text authentication session.||
||!AuthName LDAP_Auth_Test|| ||This is basically the realm name that will be displayed in
the login box presented by your browser.||
||!AuthBasicProvider ldap|| ||This line instructs apache to use only LDAP for authentication.
 You can have multiple entries on one line, if you want to use multiple methods, but that
is beyond the scope of this document.||
||AuthzLDAPAuthoritative OFF|| ||Having this switched 'ON' would prevent over authz modules
from authenticating users.  This is not a real issue in this example, but we will leave it
switched off for simplicity's sake.||
||AuthLDAPBindDN|| ||Bind to the LDAP server for all operations using a specific user ID.
 In this case we will use ''cn=apacheldap,dc=mydomain,dc=com'' (this is the account we mentioned
earlier in the document).||
||AuthLDAP!BindPassword|| ||Bind to the LDAP server for all operations using a specific password.
 In this case '' 'letmein' ''||
||AuthLDAPURL !ldap://localhost/dc=mydomain,dc=com?cn?sub|| ||This line tells Apache which
server, and path to use to authenticate against.  In this example, Apache will check the local
LDAP server, in tree ''dc=mydomain,dc=com'', and it will then search for cn fields, recursively.
 If we use ''cn=apacheldap,dc=mydomain,dc=com'' as an example, you will notice that the cn
for the apacheldap account in ''apacheldap''.  This means when prompted by your browser for
a username, you should ebter your canonical name.  You can set this to sn, gn, etc and then
you will be required to login as your first name, or surname.||
||require valid-user|| ||This line instrcucts Apache to ensure the username entered in the
browser matches that of one in the LDAP tree.||

=== Steps ===

 1.  Build Apache with LDAP support.
 1.  Use the !LoadModule statement to load the module into Apache at Startup.
 1.  Follow the instructions above, to secure the <Directory>.
 1.  Restart Apache and test.
 1.  Enjoy!

View raw message