Apache LDAP authentication
I don't know if this is the right forum to put this in, but if I'm wrong, please move this post! Okay, what I am trying to do is authenticate users through LDAP to access a page on Apache. My config works to a certain degree, but I need more "require" statements. Here's my httpd.conf:
Code:
<Directory /var/www/html/CCNA1>

I should note that this config DOES work for me, but it only authenticates the fakeuser, not the LabTechs group. Thanks! :)
Since fakeuser is part of the group, you can remove the "require ldap-user" line and see if it works.
Not quite
I guess I worded that a little weird, but what I was trying to say is that the reason I need both those statements is because that user isn't part of that group, and I would like not having to put fakeuser and Labtechs in the same group.
Thanks for the response though! Any more suggestions?
Reading the mod_authnz_ldap documentation I think that you should use something like:
Code:
AuthLDAPURL ldap://172.31.1.200:389/ou=fakeou,DC=fakedc,DC=edu?uid??(|(cn=LabTechs)(uid=fakeuser))

Regards
Different path
Thanks bathory, your help is very much appreciated! I couldn't read that documentation well, I had looked at it before, but I think that might work.
However, I can't test that until Monday, and I'm wondering if I would be able to put the exact path to the OU Labtechs since it's not in the same location as the LDAP URL? Either that or I guess I need to change the LDAP URL to something higher up on the tree so I can search differently. There's supposed to be a way that I can search recursively, but I don't understand the objectclass things and the search filters. I also learned I need to include a third group, which I'll call Fake_Admins. Here's a better view of how the tree looks:

fakedc.edu
-fakeou
--fakeuser
-Labtechs
--Labtechs(group)
-Users
--Fake_Admins(group)

So I should be able to specify the location of all three of these using those search filters? Is there any other documentation that might show me precisely how I could do this?
You should start your search from the higher level (dc=fakedc,dc=edu) so you can find both the user (ou=fakeou,dc=fakedc,dc=edu) and the group (ou=Labtechs,dc=fakedc,dc=edu).
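The layout discussed in this thread, written out as an added example (not the original poster's configuration and not taken from any reply): one user plus two groups that live in different OUs, authorized from a single search base. The realm name, the commented-out bind account, the `cn=` RDNs of the group entries and `cn=Users` as the container name are assumptions; use `ou=Users` if it is an organizational unit in your tree.

```apache
# Added example, not the original poster's configuration.
# Assumed: realm name, bind account, the cn=... RDNs of the group
# entries, and cn=Users as the container holding Fake_Admins.
<Directory /var/www/html/CCNA1>
    AuthType Basic
    AuthName "CCNA1 lab pages"
    AuthBasicProvider ldap

    # Base DN at the top of the tree with scope "sub", so the login name
    # is looked up under ou=fakeou and every other OU below the root.
    # URL layout: ldap://host:port/basedn?attribute?scope?filter
    AuthLDAPURL "ldap://172.31.1.200:389/dc=fakedc,dc=edu?uid?sub?(objectClass=*)"

    # Only needed when the directory refuses anonymous searches.
    # The bind account below is a hypothetical placeholder.
    # AuthLDAPBindDN "cn=apache-bind,ou=fakeou,dc=fakedc,dc=edu"
    # AuthLDAPBindPassword "CHANGE_ME"

    # Group entries are expected to list their members as full DNs
    # in the "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Several Require lines in one section are alternatives: access is
    # granted when any one of them matches the authenticated user.
    Require ldap-user fakeuser
    Require ldap-group cn=Labtechs,ou=Labtechs,dc=fakedc,dc=edu
    Require ldap-group cn=Fake_Admins,cn=Users,dc=fakedc,dc=edu
</Directory>
```

Group membership is evaluated by the `Require ldap-group` lines against the group entry's member attribute; the filter part of `AuthLDAPURL` only restricts which directory entry a login name can resolve to. With `ldap://` and Basic authentication the password crosses the network in clear text unless the page is served over HTTPS and the LDAP connection uses `ldaps://` or the `STARTTLS` mode argument of `AuthLDAPURL`.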