{{tag>en en:linux en:server en:web en:authentication}}
====== Authentication with Apache ======
===== LDAP authentication =====
This chapter describe how to configure LDAP authentication with [[en:linux:serveur_web|Apache]].
==== Installation ====
To install the LDAP server, please look at [[en:linux:openldap]].
The LDAP authentication with Apache2 is done with the module authnz_ldap. To enable it, use the following commands :
bender:/etc/apache2# a2enmod authnz_ldap
Enabling ldap as a dependency
Module ldap installed; run /etc/init.d/apache2 force-reload to enable.
Module authnz_ldap installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2#
==== Configuration ====
LDAP authentication example :
AuthType basic
AuthName "private area"
AuthBasicProvider ldap
AuthLDAPURL ldap://127.0.0.1/dc=matthieu,dc=bouthors,dc=org?cn?sub?(objectClass=*)
AuthLDAPBindDN cn=apache,ou=services,dc=matthieu,dc=bouthors,dc=org
AuthLDAPBindPassword ***
AuthzLDAPAuthoritative off
require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
The main options are :
* AuthType : defines the authentication type
* AuthName : realm name displayed to the user
* AuthBasicProvider : defines the authentication engine used for this URL
* AuthLDAPURL : defines the LDAP search options
* AuthLDAPBindDN : defines the service account used to connect the LDAP server
* AuthLDAPBindPassword : defines the password of the service account
* AuthzLDAPAuthoritative : defines if other authentication mecanism can be used if the user is not found inside the LDAP server.
* Require : defines the access rights of a folder
Examples :
* any authenticated user :
require valid-user
* the user "matthieu" :
require matthieu
* the group "web" :
require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
===== MySQL Authentication =====
Warning : The following method is no more supported in the last version of Apache because the modul is no more maintained.
==== Installation ====
For Mysql installation, please look at [[en:linux:mysql]].\\
To create the SQL database, please look at [[en:linux:authent_sql]].
The following package is required :
* libapache2-auth-mysql
Once installed, the module needs to be enabled with the following command :
a2enmod auth_mysql
==== Configuration ====
Please find below a configuration example with MySQL authentication.
Options description are available at http://www.diegonet.com/support/mod_auth_mysql.shtml
Auth_MySQL_Info localhost apache *********
Auth_MySQL_General_DB users
AllowOverride None
Auth_MySQL_Password_Table users
Auth_MySQL_Group_Table groupes_apache
Auth_MySQL_Username_Field login
Auth_MySQL_Password_Field password
Auth_MySQL_Group_Field groupe
Auth_MySQL_Empty_Passwords off
Auth_MySQL_Encryption_Types Crypt
Auth_MySQL_Authoritative on
Auth_MySQL on
AuthType Basic
AuthName Extranet_matthieu.bouthors.org
Require group admin
Order Deny,Allow
Deny from All
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
Require valid-user
===== Links =====
* [[en:linux:serveur_web]]