This chapter describes how to configure LDAP authentication with Apache.
To install the LDAP server, please look at OpenLDAP.
LDAP authentication with Apache2 is done with the module authnz_ldap. To enable it, use the following command:
    bender:/etc/apache2# a2enmod authnz_ldap
    Enabling ldap as a dependency
    Module ldap installed; run /etc/init.d/apache2 force-reload to enable.
    Module authnz_ldap installed; run /etc/init.d/apache2 force-reload to enable.
    bender:/etc/apache2#
LDAP authentication example:
    <Directory /home/ssl>
        AuthType basic
        AuthName "private area"
        AuthBasicProvider ldap
        AuthLDAPURL ldap://127.0.0.1/dc=matthieu,dc=bouthors,dc=org?cn?sub?(objectClass=*)
        AuthLDAPBindDN cn=apache,ou=services,dc=matthieu,dc=bouthors,dc=org
        AuthLDAPBindPassword ***
        AuthzLDAPAuthoritative off
        require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
    </Directory>
The main options are:
Examples:
require valid-user
require ldap-user matthieu
require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
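Added example, not part of the original page and not Apache's own code: a small Python check that splits the AuthLDAPURL from the configuration example above into its fields (host, base DN, attribute, scope, filter) and flags three points worth reviewing in such a block. The function names and finding codes are hypothetical names chosen for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: this page's LDAP block, abridged, password masked.
SAMPLE = """\
<Directory /home/ssl>
    AuthBasicProvider ldap
    AuthLDAPURL ldap://127.0.0.1/dc=matthieu,dc=bouthors,dc=org?cn?sub?(objectClass=*)
    AuthLDAPBindPassword ***
    require ldap-group cn=web,ou=groups,dc=matthieu,dc=bouthors,dc=org
</Directory>
"""

def parse_ldap_url(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into fields."""
    u = urlsplit(url)
    attr, scope, flt = (u.query.split("?", 2) + ["", "", ""])[:3]
    # Empty fields fall back to the mod_authnz_ldap defaults.
    return {"scheme": u.scheme.lower(), "host": u.hostname or "",
            "basedn": u.path.lstrip("/"), "attribute": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name other than localhost
        return False

def audit(config):
    """Return finding codes (illustrative names, not Apache terms) for LDAP directives."""
    findings = []
    for line in config.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        name = words[0].lower()
        if name == "authldapurl":
            url = parse_ldap_url(words[1].strip('"'))
            mode = words[2].upper() if len(words) > 2 else "NONE"
            encrypted = url["scheme"] == "ldaps" or mode in ("SSL", "TLS", "STARTTLS")
            if not encrypted and not is_loopback(url["host"]):
                findings.append("cleartext-ldap")  # binds cross the network unencrypted
            if url["filter"].replace(" ", "").lower() == "(objectclass=*)":
                findings.append("broad-filter")  # any entry with the attribute may log in
        elif name == "authldapbindpassword" and not words[1].startswith("exec:"):
            findings.append("inline-bind-password")  # keep the file unreadable to others
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the page's own block the loopback URL is not flagged as cleartext, but the catch-all filter and the bind password stored in the configuration file are. The same URL pointed at another host without SSL, TLS or STARTTLS would also be reported as cleartext.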
Warning: the following method is no longer supported in the latest version of Apache because the module is no longer maintained.
For MySQL installation, please look at Mysql.
To create the SQL database, please look at authent_sql.
The following package is required:
Once installed, the module needs to be enabled with the following command:
a2enmod auth_mysql
Please find below a configuration example with MySQL authentication.
Option descriptions are available at http://www.diegonet.com/support/mod_auth_mysql.shtml
    Auth_MySQL_Info localhost apache *********
    Auth_MySQL_General_DB users

    <Directory />
        AllowOverride None
        Auth_MySQL_Password_Table users
        Auth_MySQL_Group_Table groupes_apache
        Auth_MySQL_Username_Field login
        Auth_MySQL_Password_Field password
        Auth_MySQL_Group_Field groupe
        Auth_MySQL_Empty_Passwords off
        Auth_MySQL_Encryption_Types Crypt
        Auth_MySQL_Authoritative on
        Auth_MySQL on
        AuthType Basic
        AuthName Extranet_matthieu.bouthors.org
        Require group admin
        Order Deny,Allow
        Deny from All
    </Directory>

    <Directory /home/ssl>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        Require valid-user
    </Directory>