I just got mod_ldap working with my OpenLDAP server on a RHEL5 system. It was harder than it had to be. The following did the trick using the vanilla Apache from RHEL5:
AuthName "your name here"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl ldap://ldap.domain.tld:389/o=options
AuthLDAPBindDN cn=servicedn,o=tld
AuthLDAPBindPassword secret
Require user user0 user1
There are
three mod_auth_ldap modules:
Note how the first two are official from Apache 2.0 or 2.2 respectively and conditionally. The third does not come directly from Apache. RHEL5's vanilla Apache 2.0 comes with the first two.
$ grep ldap /etc/httpd/conf/httpd.conf
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
You can
yum install mod_authz_ldap to drop the new module in /etc/httpd/modules/ but you'll still need to edit httpd.conf to include it. However, you don't need it for basic authentication.
No comments:
Post a Comment