Cool Solution - Connect Apache to the LDAP
From Univention Wiki
It sometimes is desired to protect a websites with a personal authentication. The Apache webserver can use the LDAP directory provided by Univention Corporate Server (UCS) for authentication. This article describes the requirements and necessary steps to allow the Apache webserver in UCS to use the OpenLDAP directory server for user authentication.
The requirements are installed by default. Enable the following Apacha-Mods with:
a2enmod ldap a2enmod authnz_ldap
Afterwards a restart of Apache has to be executed.
Use the UCS management system and create a user with only the simple authentication account option selected. The user is needed for the connection to the LDAP Server. Afterwards, the users DN (distinguised name) and it's password are needed. Ensure that the password is reasonable complex. To find the DN you can use the following command on the command line
univention-directory-manager users/user list --filter uid="<username>" | grep DN:
Within the folder you wish to protect create the following
file within your web page.
It needs to contain the following content
AuthBasicProvider ldap AuthType Basic AuthName "<my name>" AuthzLDAPAuthoritative off AuthLDAPURL ldap://<ucs dc>:7389/<LDAP base>?uid AuthLDAPBindDN <dn of the user> AuthLDAPBindPassword <users password> require valid-user
After restarting Apache again
you are required to enter a login to access the webpage.
There is an archived version of this article for UCS 3.2: Apache_LDAP_Auth_3.2.pdf