Cool Solution - Connect Apache to the LDAP

From Univention Wiki

Revision as of 07:50, 23 July 2012 by Korte (talk | contribs) (Added command to find the DN and the 2.4 Version tag Bug 27756)
Jump to: navigation, search
Produktlogo UCS Version 3.0
Produktlogo UCS Version 2.4

It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.


The requirements are installed by default. To enable them switch to the Apache directory

cd /etc/apache2/mods-enabled/

and link the LDAP modules

ln -s ../ldap.load
ln -s ../ldap.conf
ln -s ../authnz_ldap.load

Afterwards a restart of Apache has to be executed.

/etc/init.d/apache2 restart


Use the UCS management system and create a user with only the simple authentication account option selected. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex. To find the DN you can use the following command on the command line

univention-directory-manager users/user list --filter uid="<username>" | grep DN:

Within the folder you wish to protect create the following


file within your web page.

It needs to contain the following content

AuthBasicProvider ldap
AuthType Basic
AuthName "<my name>"
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://<ucs dc>:7389/<LDAP base>?uid
AuthLDAPBindDN <dn of the user>
AuthLDAPBindPassword <users password>
require valid-user

After restarting Apache again

/etc/inti.d/apache2 restart

you are required to enter a login to access the webpage.

Personal tools