
LDAP Authentication

Create Test User

Create tuser in Apache Directory Studio. It should look like this:

[Screenshot: tuser]

Then you can test the bind by binding as your user in Apache Directory Studio:

[Screenshot: tuser-bind]

Setup LDAP Authentication in Apache

We need to add the following lines to our Apache config:

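<Location "/mk381">
        AuthType Basic
        AuthName "Apache LDAP authentication"
        AuthBasicAuthoritative Off
        AuthBasicProvider ldap
        # Search base for the user lookup; with no attribute given, the login name is matched against uid.
        # Plain ldap:// with no TLS option: the bind password and users' passwords are sent unencrypted.
        AuthLDAPURL "ldap://141.62.75.101/uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        # DN and password Apache binds with to run that search
        AuthLDAPBindDN "uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindPassword tuser
        Require valid-user
</Location>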
<Location "/manual">
        AuthType Basic
        AuthName "Apache LDAP authentication"
        AuthBasicAuthoritative Off
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://141.62.75.101/uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindDN "uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindPassword tuser
        Require valid-user
</Location>

As we also want it to work for the virtual hosts, we need to add it to them as well:

<VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot /home/sdidocs
  ServerName g1.sdi.mi.hdm-stuttgart.de
  ServerAlias mk381.g1.sdi.mi.hdm-stuttgart.de
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  <Directory "/home/sdidocs">
        AuthType Basic
        AuthName "Apache LDAP authentication"
        AuthBasicAuthoritative Off
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://141.62.75.101/uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindDN "uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindPassword tuser
        Require valid-user
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerAdmin [email protected]
  DocumentRoot /usr/share/doc/apache2-doc/manual/
  ServerName g1.sdi.mi.hdm-stuttgart.de
  ServerAlias manual.g1.sdi.mi.hdm-stuttgart.de
  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  <Directory "/usr/share/doc/apache2-doc/manual/">
        AuthType Basic
        AuthName "Apache LDAP authentication"
        AuthBasicAuthoritative Off
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://141.62.75.101/uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindDN "uid=tuser,ou=devel,ou=software,ou=departments,dc=betrayer,dc=com"
        AuthLDAPBindPassword tuser
        Require valid-user
  </Directory>
</VirtualHost>

Now we need to enable the authnz_ldap module on the server:

a2enmod authnz_ldap

Now, after restarting the server with systemctl restart apache2, we can test the authentication.
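
How the AuthLDAPURL used above is interpreted, as an added example (not part of the original page and not Apache's code): it splits the URL into its fields using the defaults documented for mod_authnz_ldap, builds the search filter for a login name, and reports what the page's URL implies. The function names and the RFC 4515-style escaping are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Defaults documented for AuthLDAPURL when a field is left out
DEFAULTS = {"attribute": "uid", "scope": "sub", "filter": "(objectClass=*)"}

# AuthLDAPURL value copied from the page's config
PAGE_URL = ("ldap://141.62.75.101/uid=tuser,ou=devel,ou=software,"
            "ou=departments,dc=betrayer,dc=com")

def parse_authldapurl(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into its parts."""
    m = re.fullmatch(r"(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)(?:\?(.*))?", url)
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    fields = (rest or "").split("?") + ["", "", ""]
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base": unquote(base),
        # only the first attribute of a comma-separated list is used
        "attribute": fields[0].split(",")[0] or DEFAULTS["attribute"],
        "scope": fields[1] or DEFAULTS["scope"],
        "filter": unquote(fields[2]) or DEFAULTS["filter"],
    }

def search_filter(parsed, login):
    """Filter for the user lookup, of the form (&(filter)(attribute=login))."""
    # Escape filter metacharacters in the client-supplied name (RFC 4515 style,
    # an assumption of this example rather than Apache's exact escaping)
    esc = re.sub(r"[\\*()\x00]", lambda c: "\\%02x" % ord(c.group()), login)
    flt = parsed["filter"]
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    return "(&%s(%s=%s))" % (flt, parsed["attribute"], esc)

def review(parsed):
    """Return notes on settings that weaken or narrow the authentication."""
    notes = []
    if parsed["scheme"] == "ldap":
        notes.append("plain ldap://: bind and user passwords travel unencrypted "
                     "unless STARTTLS is configured")
    if parsed["base"].lower().startswith(parsed["attribute"].lower() + "="):
        notes.append("search base is a single user entry: only that entry "
                     "(and anything below it) can ever match a login")
    return notes

if __name__ == "__main__":
    p = parse_authldapurl(PAGE_URL)
    print(p, search_filter(p, "tuser"), *review(p), sep="\n")
```

To let every user under the departments tree log in, the search base would be an OU such as ou=departments,dc=betrayer,dc=com rather than the tuser entry itself.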
