Authentication with Apache

This chapter describe how to configure LDAP authentication with Apache.

To install the LDAP server, please look at OpenLDAP.

The LDAP authentication with Apache2 is done with the module authnz_ldap. To enable it, use the following commands :

bender:/etc/apache2# a2enmod authnz_ldap
Enabling ldap as a dependency
Module ldap installed; run /etc/init.d/apache2 force-reload to enable.
Module authnz_ldap installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2#

LDAP authentication example :

<Directory /home/ssl>
     AuthType basic
     AuthName "private area"
     AuthBasicProvider ldap
     AuthLDAPURL ldap://127.0.0.1/dc=matthieu,dc=bouthors,dc=org?cn?sub?(objectClass=*)
     AuthLDAPBindDN cn=apache,ou=services,dc=matthieu,dc=bouthors,dc=org
     AuthLDAPBindPassword ***
     AuthzLDAPAuthoritative off
     require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
</Directory>

The main options are :

• AuthType : defines the authentication type
• AuthName : realm name displayed to the user
• AuthBasicProvider : defines the authentication engine used for this URL
• AuthLDAPURL : defines the LDAP search options
• AuthLDAPBindDN : defines the service account used to connect the LDAP server
• AuthLDAPBindPassword : defines the password of the service account
• AuthzLDAPAuthoritative : defines if other authentication mecanism can be used if the user is not found inside the LDAP server.
• Require : defines the access rights of a folder

Examples :

• any authenticated user :

require valid-user

• the user “matthieu” :

require matthieu

• the group “web” :

require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org

Warning : The following method is no more supported in the last version of Apache because the modul is no more maintained.

For Mysql installation, please look at Mysql.
To create the SQL database, please look at authent_sql.

The following package is required :

• libapache2-auth-mysql

Once installed, the module needs to be enabled with the following command :

a2enmod auth_mysql

Please find below a configuration example with MySQL authentication.

Options description are available at http://www.diegonet.com/support/mod_auth_mysql.shtml

Auth_MySQL_Info localhost apache *********
Auth_MySQL_General_DB users

        <Directory />
                AllowOverride None
       
                Auth_MySQL_Password_Table users
                Auth_MySQL_Group_Table groupes_apache
                Auth_MySQL_Username_Field login
                Auth_MySQL_Password_Field password
                Auth_MySQL_Group_Field groupe
                Auth_MySQL_Empty_Passwords off
                Auth_MySQL_Encryption_Types Crypt
                Auth_MySQL_Authoritative on
                Auth_MySQL on

                AuthType Basic
                AuthName Extranet_matthieu.bouthors.org
                Require group admin
                Order Deny,Allow
                Deny from All
        </Directory>

        <Directory /home/ssl>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                Require valid-user
        </Directory>

• Web Server (Apache)