Difference between revisions of "Cool Solution - Connect Apache to the LDAP"

From Univention Wiki

(Update)
(Added command to find the DN and the 2.4 Version tag Bug 27756)
Line 1: Line 1:
 
{{Version|UCS=3.0}}
 
{{Version|UCS=3.0}}
 +
{{Version|UCS=2.4}}
 
It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.
 
It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.
  
Line 20: Line 21:
  
 
== Configuration ==
 
== Configuration ==
Use the UCS management system and create a user with only the ''simple authentication account'' option selected. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex.
+
Use the UCS management system and create a user with only the ''simple authentication account'' option selected. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex. To find the DN you can use the following command on the command line
 +
<pre>
 +
univention-directory-manager users/user list --filter uid="<username>" | grep DN:
 +
</pre>
  
Within your web folder create the following
+
Within the folder you wish to protect create the following
 
<pre>
 
<pre>
 
.htaccess
 
.htaccess
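Review bot: the reworded paragraph on the + side under == Configuration == still carries "distinguised name", "it's password" and "reasonable complex", and the new sentence that introduces the command ("...on the command line") ends without a colon or period before the <pre> block. Since the line is being touched anyway, correct these to "distinguished", "its" and "reasonably" and close the sentence with a colon. The same applies to "Within the folder you wish to protect create the following", which needs a comma after "protect".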

Revision as of 07:50, 23 July 2012

Product logo UCS Version 3.0
Product logo UCS Version 2.4

It is sometimes desirable to protect a website with personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.

Requirements

The requirements are installed by default. To enable them, switch to the Apache directory

cd /etc/apache2/mods-enabled/

and link the LDAP modules

ln -s ../mods-available/ldap.load
ln -s ../mods-available/ldap.conf
ln -s ../mods-available/authnz_ldap.load

Afterwards, Apache has to be restarted.

/etc/init.d/apache2 restart

Configuration

Use the UCS management system and create a user with only the simple authentication account option selected. Afterwards, the user's DN (distinguished name) and its password are needed. Ensure that the password is reasonably complex. To find the DN, you can use the following command on the command line:

univention-directory-manager users/user list --filter uid="<username>" | grep DN:

Within the folder you wish to protect, create the following

.htaccess

file within your web page.

It needs to contain the following content:

AuthBasicProvider ldap
AuthType Basic
AuthName "<my name>"
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://<ucs dc>:7389/<LDAP base>?uid
AuthLDAPBindDN <dn of the user>
AuthLDAPBindPassword <users password>
require valid-user

After restarting Apache again

/etc/init.d/apache2 restart

you are required to enter a login to access the webpage.
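
A quick audit of the .htaccess shown above, as an added example that is not part of the wiki page: it flags an ldap:// URL with no TLS mode, a world-readable file that contains AuthLDAPBindPassword, and Basic authentication with no SSLRequireSSL in the same file. The function names, the sample host and the bind DN are constructed; SSLRequireSSL (mod_ssl) and the STARTTLS argument of AuthLDAPURL are standard Apache directives that the page does not use.

```sh
#!/bin/sh
# Added example (not from the wiki page): audit a .htaccess that uses mod_authnz_ldap.
# Print field $3 of the first line in file $1 whose directive name is $2 (lowercase).
directive() { awk -v d="$2" -v n="$3" 'tolower($1)==d {print $n; exit}' "$1"; }

# Prints one finding per line and returns the number of findings.
audit_htaccess() {
    f=$1; findings=0
    note() { printf '%s: %s\n' "$f" "$1"; findings=$((findings + 1)); }

    url=$(directive "$f" authldapurl 2 | tr -d '"')
    mode=$(directive "$f" authldapurl 3 | tr '[:lower:]' '[:upper:]')
    case "$url" in
        ldaps://*) ;;                   # TLS from the first byte
        ldap://*)
            case "$mode" in
                TLS|STARTTLS|SSL) ;;    # connection is upgraded or wrapped
                *) note "AuthLDAPURL uses ldap:// without TLS/STARTTLS: bind and user passwords cross the network in cleartext" ;;
            esac ;;
    esac
    if [ -n "$(directive "$f" authldapbindpassword 1)" ]; then
        # The 8th character of the ls mode string is the "others read" bit.
        if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
            note "file holds AuthLDAPBindPassword and is world-readable"
        fi
    fi
    # HTTPS may be enforced elsewhere; this only checks the file itself.
    if [ "$(directive "$f" authtype 2 | tr '[:upper:]' '[:lower:]')" = "basic" ] &&
       [ -z "$(directive "$f" sslrequiressl 1)" ]; then
        note "AuthType Basic without SSLRequireSSL: this file does not force HTTPS"
    fi
    return "$findings"
}

# Constructed sample: the page's .htaccess with placeholder values filled in.
write_sample() {
    cat > "$1" <<'EOF'
AuthBasicProvider ldap
AuthType Basic
AuthName "Restricted"
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://dc.example.test:7389/dc=example,dc=test?uid
AuthLDAPBindDN uid=apache-bind,cn=users,dc=example,dc=test
AuthLDAPBindPassword constructed-placeholder
require valid-user
EOF
}
if [ "$#" -gt 0 ]; then audit_htaccess "$1"; fi
```

Saved under a name of your choice, it is run with the path of the .htaccess as its only argument; the exit status is the number of findings.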
