I was able to get htauth against LDAP and restricting against groups using:
<Location /protected>
# Ldap auth access
AuthType Basic
AuthName "Restricted"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://ldap.linuxweblog.com/ou=People,dc=linuxweblog,dc=com"
Require ldap-group cn=web,ou=group,dc=domain,dc=tld
AuthLDAPGroupAttributeIsDN off
AuthLDAPGroupAttribute memberUid
</Location>
Here is what the ldap search entry looks like:
# ldapsearch -x 'cn=web'
# extended LDIF
#
# LDAPv3
# base <> with scope subtree
# filter: cn=web
# requesting: ALL
#
# web, group, linuxweblog.com
dn: cn=web,ou=group,dc=linuxweblog,dc=com
objectClass: posixGroup
gidNumber: 10002
cn: web
description: access to web protected folders
memberUid: user1
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
It is essential to set "AuthLDAPGroupAttributeIsDN off" and "AuthLDAPGroupAttribute memberUid" so that the group check compares the login name against the group's memberUid attribute.
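The following is an added example, not code from the original post or from mod_authnz_ldap itself: a simplified offline model of the group comparison, showing why the module defaults (attributes member/uniqueMember, AuthLDAPGroupAttributeIsDN on) deny user1 against this posixGroup entry while the two settings above allow it. The function names and the user DN uid=user1,ou=People,dc=linuxweblog,dc=com are assumptions; the real module performs the comparison as an LDAP compare against the server.

```python
# Simplified model of the "Require ldap-group" check. Sample data is constructed
# from the ldapsearch output above; USER1_DN is an assumed value.
DEFAULT_GROUP_ATTRS = ("member", "uniqueMember")  # mod_authnz_ldap defaults


def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}, skipping comments."""
    entry = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        attr, value = line.split(":", 1)
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn):
    """Lowercase a DN and drop whitespace around its RDNs before comparing."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def group_allows(entry, username, user_dn, attrs=DEFAULT_GROUP_ATTRS, attr_is_dn=True):
    """Return True if a value of one of the group attributes matches the user.

    attr_is_dn=True  compares the user's DN  (AuthLDAPGroupAttributeIsDN on)
    attr_is_dn=False compares the login name (AuthLDAPGroupAttributeIsDN off)
    """
    for attr in attrs:
        for value in entry.get(attr.lower(), []):
            if attr_is_dn and normalize_dn(value) == normalize_dn(user_dn):
                return True
            if not attr_is_dn and value == username:
                return True
    return False


GROUP_LDIF = """\
dn: cn=web,ou=group,dc=linuxweblog,dc=com
objectClass: posixGroup
cn: web
memberUid: user1
"""
WEB = parse_ldif_entry(GROUP_LDIF)
USER1_DN = "uid=user1,ou=People,dc=linuxweblog,dc=com"  # assumed user DN

if __name__ == "__main__":
    print("defaults:", group_allows(WEB, "user1", USER1_DN))
    print("memberUid, IsDN off:", group_allows(WEB, "user1", USER1_DN, ("memberUid",), False))
```

Setting only AuthLDAPGroupAttribute memberUid and leaving AuthLDAPGroupAttributeIsDN on still fails in this model, because the full user DN never equals the bare value user1.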
Reference: mod_authnz_ldap
- sandip's blog
Comments
When testing, you can easily log out of htauth sessions via:
http://logout@domain.tld/protected/
This should invalidate the current logged-in session and prompt you to log in again.