Apache web authentication using LDAP/LDAPS requires two steps:
- Enabling the public key on the client side
- Configuring the LDAPS server in Apache (assuming that your LDAPS server is already running)
To enable a secure connection to the LDAPS server, the server's public key must be installed on the Apache machine. Follow the steps below:
- Copy the key into /etc/ldap/cacerts or /etc/openldap/cacerts
- Configure the key entry in /etc/ldap.conf
To configure the Apache server to communicate with the LDAPS server for authentication, add this to the Apache httpd.conf or default.conf file.
# Server-level directive (outside <Directory>): CA certificate used to verify the LDAPS server
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/ldap_pubkey.pem
<Directory /var/www/html/>
    AuthName "Apache authentication using Ldaps Server"
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    # Search ou=users,dc=test,dc=com for the entry whose uid matches the login name
    AuthLDAPURL ldaps://ldaps.test.com:636/ou=users,dc=test,dc=com?uid
    # Account Apache binds as to perform the search
    AuthLDAPBindDN cn=manager,dc=test,dc=com
    AuthLDAPBindPassword <pwd>
    # Allowed user list
    Require ldap-user user1 user2
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
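A check for the settings above, added here as an example and not part of the original post: it parses an Apache configuration and reports whether the LDAP bind travels over TLS, whether a CA entry is configured, whether certificate verification is switched off, and whether the bind password sits inline. The function names and the placeholder password are assumptions; the sample text is constructed from the configuration on this page.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: this page's configuration with a placeholder password.
SAMPLE_CONF = """\
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/ldap_pubkey.pem
<Directory /var/www/html/>
AuthBasicProvider ldap
AuthLDAPURL ldaps://ldaps.test.com:636/ou=users,dc=test,dc=com?uid
AuthLDAPBindDN cn=manager,dc=test,dc=com
AuthLDAPBindPassword example-placeholder
Require ldap-user user1 user2
</Directory>
"""

def directives(conf):
    """Map lowercased directive names to their argument lists."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in "#<":  # skip comments and section tags
            continue
        name, *args = shlex.split(line)
        found.setdefault(name.lower(), []).append(args)
    return found

def audit(conf):
    """Return findings about how the LDAP bind is protected (hypothetical helper)."""
    d, findings = directives(conf), []
    for args in d.get("authldapurl", []):
        url = urlsplit(args[0])
        # Optional second argument of AuthLDAPURL: NONE, SSL, TLS or STARTTLS
        mode = args[1].upper() if len(args) > 1 else "NONE"
        if url.scheme != "ldaps" and mode not in ("SSL", "TLS", "STARTTLS"):
            findings.append(f"cleartext: {url.hostname} is reached without TLS")
    certs = d.get("ldaptrustedglobalcert", [])
    if "authldapurl" in d and not any(a and a[0].upper().startswith("CA_") for a in certs):
        findings.append("trust: no CA entry in LDAPTrustedGlobalCert")
    for args in d.get("ldapverifyservercert", []):
        if args and args[0].lower() == "off":
            findings.append("verify: LDAPVerifyServerCert Off disables certificate checks")
    if "authldapbindpassword" in d:
        findings.append("secret: AuthLDAPBindPassword is inline, restrict file read access")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A missing CA entry is reported only for the file being checked; a CA configured elsewhere, such as in /etc/ldap.conf, is outside what this script sees.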