Apache LDAP Authentication and Require ldap-group

Wed, 10/05/2011 - 22:18 — sandip

I was able to get htauth againt ldap and restricting against groups using:

<Location /protected>
    # Ldap auth access
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthLDAPURL "ldap://ldap.linuxweblog.com/ou=People,dc=linuxweblog,dc=com"
    Require ldap-group cn=web,ou=group,dc=domain,dc=tld
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPGroupAttribute memberUid
</Location>

Here is what the ldap search entry looks like:

# ldapsearch -x 'cn=web'
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: cn=web
# requesting: ALL
#

# web, group, linuxweblog.com
dn: cn=web,ou=group,dc=linuxweblog,dc=com
objectClass: posixGroup
gidNumber: 10002
cn: web
description: access to web protected folders
memberUid: user1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

It is essential to enter "AuthLDAPGroupAttributeIsDN off" and "AuthLDAPGroupAttribute memberUid" for it to get to the member attribute.

Reference: mod_authnz_ldap

Bookmark/Search this post with

sandip's blog
Login or register to post comments

Comments

Wed, 10/05/2011 - 22:26 — sandip htauth logout

When testing, you can easily log out of htauth sessions via:

http://logout@domain.tld/protected/

This should invalidate current logged in session and prompt to login again.

Login or register to post comments

Navigation

Home | Forum | Recent Posts | News | Archives | Contact
This site houses a collection of Tips, Tricks, Resources and Guides of Individuals, put together and edited for personal reference into a daily web journal...
Content may not be reproduced without permission from the Individuals.
Copyright © post 2003 L I N U X w e B l o g . C O M

LinuxWebLog.com