Difference between revisions of "Cool Solution - Connect Apache to the LDAP"

From Univention Wiki

Jump to: navigation, search
(Update)
Line 1: Line 1:
 
{{Version|UCS=3.0}}
 
{{Version|UCS=3.0}}
It sometimes desired to protect your websites with a personal authentication. Therefor the apache can be connected to the LDAP directory.
+
It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.
  
 
== Requirements ==
 
== Requirements ==
The requirements are installed by default. To enable them switch to the apache directory
+
The requirements are installed by default. To enable them switch to the Apache directory
 
<pre>
 
<pre>
 
cd /etc/apache2/mods-enabled/
 
cd /etc/apache2/mods-enabled/
Line 20: Line 20:
  
 
== Configuration ==
 
== Configuration ==
Using the UDM create a user with only the 'simple authentication account' option chosen. You will need this users DN as well as its password. Ensure that the password is reasonable complex.
+
Use the UCS management system and create a user with only the ''simple authentication account'' option selected. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex.
  
 
Within your web folder create the following
 
Within your web folder create the following

Revision as of 16:26, 27 June 2012

Produktlogo UCS Version 3.0

It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.

Requirements

The requirements are installed by default. To enable them switch to the Apache directory

cd /etc/apache2/mods-enabled/

and link the LDAP modules

ln -s ../ldap.load
ln -s ../ldap.conf
ln -s ../authnz_ldap.load

Afterwards a restart of Apache has to be executed.

/etc/init.d/apache2 restart

Configuration

Use the UCS management system and create a user with only the simple authentication account option selected. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex.

Within your web folder create the following

.htaccess

file within your web page.

It needs to contain the following content

AuthBasicProvider ldap
AuthType Basic
AuthName "<my name>"
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://<ucs dc>:7389/<LDAP base>?uid
AuthLDAPBindDN <dn of the user>
AuthLDAPBindPassword <users password>
require valid-user

After restarting Apache again

/etc/inti.d/apache2 restart

you are required to enter a login to access the webpage.

Personal tools