Cool Solution - Connect Apache to the LDAP
From Univention Wiki
It is sometimes desired to protect a website with personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.
The requirements are installed by default. To enable them, switch to the Apache directory
and link the LDAP modules
ln -s ../ldap.load
ln -s ../ldap.conf
ln -s ../authnz_ldap.load
Afterwards, Apache has to be restarted.
Use the UCS management system to create a user with only the simple authentication account option selected. Afterwards, the user's DN (distinguished name) and its password are needed. Ensure that the password is reasonably complex. To find the DN, you can use the following command on the command line:
univention-directory-manager users/user list --filter uid="<username>" | grep DN:
Within the folder you wish to protect create the following
file within your web page.
It needs to contain the following content:
AuthBasicProvider ldap
AuthType Basic
AuthName "<my name>"
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://<ucs dc>:7389/<LDAP base>?uid
AuthLDAPBindDN <dn of the user>
AuthLDAPBindPassword <users password>
require valid-user
After restarting Apache again
you are required to enter a login to access the webpage.
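The file above stores the bind password in clear text, and with a plain ldap:// URL and Basic authentication the passwords cross the network unencrypted unless transport protection is configured. The following Python script is an added example, not part of the original article or of UCS, that audits such a file for those three points; the host name, DNs, secret and finding names are constructed, and the SSLRequireSSL check is a heuristic because HTTPS or a server-wide LDAPTrustedMode may be set outside this file.

```python
import os
import shlex
import stat

# Constructed sample: the article's directives with placeholder values filled in.
PAGE_STYLE = """AuthBasicProvider ldap
AuthType Basic
AuthName "intranet"
AuthLDAPURL ldap://dc.example.test:7389/dc=example,dc=test?uid
AuthLDAPBindDN uid=apache-bind,cn=users,dc=example,dc=test
AuthLDAPBindPassword constructed-secret
require valid-user
"""
# Same file with transport protection requested for both network hops.
HARDENED = PAGE_STYLE.replace("?uid\n", "?uid STARTTLS\n") + "SSLRequireSSL\n"

def parse_directives(text):
    """Map lowercased directive name -> list of arguments (quotes honoured)."""
    found = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            found[tokens[0].lower()] = tokens[1:]
    return found

def audit(text, file_mode):
    """Return sorted finding ids; file_mode is the st_mode of the file holding text."""
    d = parse_directives(text)
    findings = []
    url = d.get("authldapurl", [])
    # AuthLDAPURL takes an optional second argument: NONE, SSL, TLS or STARTTLS.
    mode = url[1].upper() if len(url) > 1 else "NONE"
    if url and url[0].lower().startswith("ldap://") and mode == "NONE":
        findings.append("ldap-bind-and-passwords-sent-unencrypted")
    # Heuristic: Basic auth is only base64, so look for mod_ssl's SSLRequireSSL here.
    if [a.lower() for a in d.get("authtype", [])] == ["basic"] and "sslrequiressl" not in d:
        findings.append("basic-auth-not-restricted-to-https")
    if "authldapbindpassword" in d and file_mode & stat.S_IROTH:
        findings.append("bind-password-file-world-readable")
    return sorted(findings)

def audit_file(path):
    """Audit a file on disk, e.g. the access-control file created above."""
    with open(path, encoding="utf-8") as fh:
        return audit(fh.read(), os.stat(path).st_mode)

if __name__ == "__main__":
    print("page-style, mode 0644:", audit(PAGE_STYLE, 0o100644))
    print("hardened, mode 0640:", audit(HARDENED, 0o100640))
```

An empty list only means none of these three checks fired; the web server user still needs read access to the file, for example through group ownership.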