{{tag>en en:linux en:server en:web en:authentication}}
====== Authentication with Apache ======
===== LDAP authentication =====
This chapter describe how to configure LDAP authentication with [[en:linux:serveur_web|Apache]].

==== Installation ====
To install the LDAP server, please look at [[en:linux:openldap]].

The LDAP authentication with Apache2 is done with the module authnz_ldap. To enable it, use the following commands :
<code>
bender:/etc/apache2# a2enmod authnz_ldap
Enabling ldap as a dependency
Module ldap installed; run /etc/init.d/apache2 force-reload to enable.
Module authnz_ldap installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2#
</code>

==== Configuration ====

LDAP authentication example :
<file>
<Directory /home/ssl>
     AuthType basic
     AuthName "private area"
     AuthBasicProvider ldap
     AuthLDAPURL ldap://127.0.0.1/dc=matthieu,dc=bouthors,dc=org?cn?sub?(objectClass=*)
     AuthLDAPBindDN cn=apache,ou=services,dc=matthieu,dc=bouthors,dc=org
     AuthLDAPBindPassword ***
     AuthzLDAPAuthoritative off
     require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
</Directory>
</file>

The main options are :
  * AuthType : defines the authentication type
  * AuthName : realm name displayed to the user
  * AuthBasicProvider : defines the authentication engine used for this URL
  * AuthLDAPURL : defines the LDAP search options
  * AuthLDAPBindDN : defines the service account used to connect the LDAP server
  * AuthLDAPBindPassword : defines the password of the service account
  * AuthzLDAPAuthoritative : defines if other authentication mecanism can be used if the user is not found inside the LDAP server.
  * Require : defines the access rights of a folder

Examples :
  * any authenticated user :

  require valid-user

  * the user "matthieu" :

  require matthieu

  * the group "web" :

  require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org

===== MySQL Authentication =====
Warning : The following method is no more supported in the last version of Apache because the modul is no more maintained.

==== Installation ====

For Mysql installation, please look at [[en:linux:mysql]].\\
To create the SQL database, please look at [[en:linux:authent_sql]].

The following package is required :
  * libapache2-auth-mysql

Once installed, the module needs to be enabled with the following command :
  a2enmod auth_mysql

==== Configuration ====
Please find below a configuration example with MySQL authentication.

Options description are available at http://www.diegonet.com/support/mod_auth_mysql.shtml

<file>
Auth_MySQL_Info localhost apache *********
Auth_MySQL_General_DB users

        <Directory />
                AllowOverride None
       
                Auth_MySQL_Password_Table users
                Auth_MySQL_Group_Table groupes_apache
                Auth_MySQL_Username_Field login
                Auth_MySQL_Password_Field password
                Auth_MySQL_Group_Field groupe
                Auth_MySQL_Empty_Passwords off
                Auth_MySQL_Encryption_Types Crypt
                Auth_MySQL_Authoritative on
                Auth_MySQL on

                AuthType Basic
                AuthName Extranet_matthieu.bouthors.org
                Require group admin
                Order Deny,Allow
                Deny from All
        </Directory>

        <Directory /home/ssl>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                Require valid-user
        </Directory>
</file>

===== Links =====
  * [[en:linux:serveur_web]]