LinuxQuestions.org


psydFX 02-12-2016 07:57 PM

Implementing OpenLDAP for web not for OS
 
Hi,

I have experience with many systems, but am new to Linux.

System: CentOS
Daemon: OpenLDAP/phpLDAP

I would like to use OpenLDAP as a resource for several websites for related organizations, but keep the security principals separate for the OS. I have found the documentation does not directly point to something (web searches were also ambiguous).

1. Has/Does anyone else do this?
2. Is there a reference?
3. Can you provide steps?

My apology in advance if this is a blatantly simple and obvious line of questions.

Thank you,
Steve

wpeckham 02-12-2016 08:39 PM

It SHOULD be simple....
 
I have not done this, but the question interests me.
Certainly an application can do authentication independent of the operating system, in fact many applications clearly DO: certain FTP and web servers can use SQL back ends, why not LDAP?
If we can find the setup for that application to use LDAP, it should work.
The OS uses PAM, and if we do NOT integrate LDAP authentication into PAM the OS will NOT use LDAP.

This then leads me to think that the place to research this (after Google, natch!) will be in the documentation for your web server. Which web server are you using?
(Not IIS I hope! Something like Apache HTTPD, or possibly NGINX, Monkey, etc.)

psydFX 02-13-2016 12:59 AM

wpeckham,

Thanks for your insight. I think that not coupling the slapd daemon to the PAM is exactly the trick. (I had no idea what to call the local security access daemon).

OS: CentOS 6.7
httpd: 2.2.15-47.el6.centos.1
nginx: 1.9.4-centos6.15091112

Adding nginx on top was a recommendation made to me (the travesty of being a nEWb).

After reading up on CentOS PAM, I have found what I thought might be there - the step during installation/configuration that directs the OS to authenticate - ez, just don't do it. Then the LDAP is stand alone. From there, configuring listening for the daemon to service sites and a small local (web) interface for management should be somewhat simple, yes?
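
A check for the separation discussed in this thread, as an added example that is not part of any post: it scans `/etc/nsswitch.conf` and the PAM configuration for lines that would make the OS resolve accounts or authenticate logins through LDAP. The function name `ldap_coupling` and its optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report where OS account lookup or login is tied to LDAP.
# ldap_coupling [ROOT] scans ROOT/etc (ROOT defaults to the live system).
# Prints one "file:line: text" finding per match; returns 1 if any is found.
ldap_coupling() {
    root="${1:-}"
    root="${root%/}"
    status=0

    # NSS: passwd/shadow/group resolved via ldap, or via sss (SSSD may be
    # LDAP-backed; inspect sssd.conf when sss is reported).
    nss="$root/etc/nsswitch.conf"
    if [ -f "$nss" ]; then
        out=$(awk -v f="$nss" '
            /^[ \t]*(passwd|shadow|group)[ \t]*:/ {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^#/) break          # rest of line is a comment
                    if ($i == "ldap" || $i == "sss") {
                        print f ":" NR ": " $0; break
                    }
                }
            }' "$nss")
        if [ -n "$out" ]; then printf '%s\n' "$out"; status=1; fi
    fi

    # PAM: any uncommented line that loads pam_ldap or pam_sss.
    for f in "$root"/etc/pam.d/* "$root/etc/pam.conf"; do
        [ -f "$f" ] || continue
        out=$(awk -v f="$f" '
            !/^[ \t]*#/ && /pam_(ldap|sss)\.so/ { print f ":" NR ": " $0 }
        ' "$f")
        if [ -n "$out" ]; then printf '%s\n' "$out"; status=1; fi
    done
    return "$status"
}
```

Run `ldap_coupling` with no argument on the server after installing slapd; no output and a zero exit status mean the directory serves only the applications that bind to it.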


All times are GMT -5.