Thursday, May 8, 2014

Apache authentication and authorization using LDAPS

Setting up Apache web authentication against an LDAP/LDAPS server takes two steps:
  1. Install the LDAPS server's CA certificate (public key) on the client side, i.e. the Apache host
  2. Configure the LDAPS server in Apache (this assumes your LDAPS server is already running)
To enable a secure connection to the LDAPS server, the public key must be installed on the Apache server machine. Follow these steps:
  1. Copy the key into /etc/ldap/cacerts or /etc/openldap/cacerts
  2. Configure the key entry in /etc/ldap.conf
To configure Apache to talk to the LDAPS server for authentication, add the following to the Apache httpd.conf or default.conf file:
# Server-level directive (outside <Directory>): the CA certificate that signed the LDAPS server's certificate
LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/ldap_pubkey.pem
<Directory /var/www/html/>
    AuthName "Apache authentication using Ldaps Server"
    AuthType Basic
    AuthBasicProvider ldap
    # "off" passes a failed ldap-user check on to other authorization modules instead of denying outright
    AuthzLDAPAuthoritative off
    # ldaps://host:port/base-dn?attribute : users are searched for under the base DN by uid
    AuthLDAPURL ldaps://ldaps.test.com:636/ou=users,dc=test,dc=com?uid
    # Account Apache binds with to look up users; replace <pwd> with its password
    AuthLDAPBindDN cn=manager,dc=test,dc=com
    AuthLDAPBindPassword <pwd>
    # Allowed user list
    Require ldap-user user1 user2

    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
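As an added check (example code, not part of the original post), the script below parses the AuthLDAPURL format used above and flags the settings in such a block that weaken it: a plain ldap:// URL, ldaps:// without LDAPTrustedGlobalCert, AuthzLDAPAuthoritative off, and a bind password left at the <pwd> placeholder. The configuration it scans is a constructed copy of the directives from this post.

```python
"""Lint an Apache mod_authnz_ldap block for weak settings (added example, not from the post)."""
from urllib.parse import urlsplit

# Constructed sample: the directives from the post that matter for the checks below.
SAMPLE_CONF = """LDAPTrustedGlobalCert CA_BASE64 /etc/openldap/cacerts/ldap_pubkey.pem
<Directory /var/www/html/>
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL ldaps://ldaps.test.com:636/ou=users,dc=test,dc=com?uid
    AuthLDAPBindDN cn=manager,dc=test,dc=com
    AuthLDAPBindPassword <pwd>
    Require ldap-user user1 user2
</Directory>"""

def parse_directives(conf):
    """Map lower-cased directive name -> list of values, skipping comments and <Section> tags."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, value = line.partition(" ")
            out.setdefault(name.lower(), []).append(value.strip())
    return out

def parse_authldapurl(url):
    """Split an AuthLDAPURL (scheme://host:port/basedn?attribute?scope?filter, per RFC 2255)."""
    p = urlsplit(url)
    attr, scope, flt = (p.query.split("?") + [None] * 3)[:3]  # all three parts are optional
    return {"scheme": p.scheme, "host": p.hostname,
            "port": p.port or (636 if p.scheme == "ldaps" else 389),
            "base_dn": p.path.lstrip("/"), "attribute": attr or "uid",
            "scope": scope or "sub", "filter": flt}

def lint(conf):
    """Return findings for the fragment; an empty list means all checks passed."""
    d, findings = parse_directives(conf), []
    if "authldapurl" not in d:
        return ["no AuthLDAPURL: mod_authnz_ldap has no directory to query"]
    url = parse_authldapurl(d["authldapurl"][0])
    if url["scheme"] != "ldaps":
        findings.append("AuthLDAPURL uses %s://: Basic credentials and the bind go over cleartext LDAP" % url["scheme"])
    elif "ldaptrustedglobalcert" not in d:
        findings.append("ldaps:// without LDAPTrustedGlobalCert: no CA to validate the server certificate")
    if d.get("authzldapauthoritative", ["on"])[0].lower() == "off":
        findings.append("AuthzLDAPAuthoritative off: a failed ldap-user check is handed to other authz modules")
    if "<pwd>" in d.get("authldapbindpassword", [""])[0]:
        findings.append("AuthLDAPBindPassword still holds the <pwd> placeholder")
    return findings
```

Running `lint(SAMPLE_CONF)` on the post's block reports two findings (the authoritative setting and the placeholder password); point it at your own fragment before enabling the site.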
