LinuxQuestions.org

moonsun1124 09-07-2016 01:23 PM

LDAP Authentication with Apache
 
Hi All,
I am trying to set up LDAP authentication.

Group Information:

ldapsearch -x -h ldap-corporate -b "o=example.com,c=us" "cn=Security "

# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: cn=Security
# requesting: ALL
#

# Security , lm8100, example.com, US
dn: cn=Security , ou=lm8100, o=example.com, c=US
businessCategory: secadm
cn: Security
objectClass: groupOfUniqueNames
objectClass: epicGroup
objectClass: top
uniqueMember: cn=Kim Ldaf + uid=CLKM9876,ou=lm8100,o=example.com,c=US
uniqueMember: cn=HLK MNOIL+uid=DKL06, ou=lm8100,o=example.com,c=us
uniqueMember: cn=TREKS DNKO+uid=RIK02, ou=lm8100,o=example.com,c=US

This is my configuration, and it is accepting all valid LDAP users, but my requirement is to accept only valid users of that particular group:

We have different OUs within a group.

HTTP.Conf
==============

AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "Protected"
Require valid-user
AuthBasicAuthoritative Off
AuthzLDAPAuthoritative Off
AuthBasicProvider ldap
AuthLDAPUrl ldap://HOST/o=example.com,c=us?uid?sub
Require ldap-group cn=SC HelpDesk,o=example.com,c=US
===================================================

Thanks,

24x7servermanagement 09-08-2016 07:01 AM

I think your require ldap group should be

Code:

Require ldap-group cn=Security HelpDesk,o=example.com,c=US

Refer:

https://httpd.apache.org/docs/2.4/mo....html#reqgroup

bathory 09-08-2016 11:26 AM

Quote:

Originally Posted by 24x7servermanagement (Post 5602383)
I think your require ldap group should be

Require ldap-group cn=Security HelpDesk,o=example.com,c=US

From the ldapsearch output:
Quote:

dn: cn=Security , ou=lm8100, o=example.com, c=US
businessCategory: secadm
cn: Security
objectClass: groupOfUniqueNames
objectClass: epicGroup
objectClass: top
uniqueMember: cn=Kim Ldaf + uid=CLKM9876,ou=lm8100,o=example.com,c=US
uniqueMember: cn=HLK MNOIL+uid=DKL06, ou=lm8100,o=example.com,c=us
uniqueMember: cn=TREKS DNKO+uid=RIK02, ou=lm8100,o=example.com,c=US

looks like the group dn is
Code:

cn=Security , ou=lm8100, o=example.com, c=US
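
Added example (not part of the original thread or any poster's configuration): the authorization rules from the first post beside a group-only rule, written with the Apache 2.2-style directives the first post uses. The `<Directory>` path and `HOST` are placeholders, and the group DN is the one shown in the ldapsearch output above.

```apache
# Constructed example. "/path/to/protected" and HOST are placeholders.
<Directory "/path/to/protected">
    AllowOverride None
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "Protected"
    AuthBasicProvider ldap
    # Find the user by uid anywhere under the base, as in the first post.
    AuthLDAPUrl ldap://HOST/o=example.com,c=us?uid?sub

    # As posted (too permissive): multiple Require lines are alternatives,
    # so "Require valid-user" by itself admits every account that
    # authenticates, whatever the ldap-group line says.
    #   Require valid-user
    #   Require ldap-group cn=SC HelpDesk,o=example.com,c=US

    # Group-only rule: the single Require names the full DN of the group
    # entry, including the ou= component, copied from the ldapsearch output.
    Require ldap-group cn=Security , ou=lm8100, o=example.com, c=US

    # The entry is a groupOfUniqueNames whose uniqueMember values are full
    # user DNs. Both settings match the module defaults and are written
    # out here only to make the membership check explicit.
    AuthLDAPGroupAttribute uniqueMember
    AuthLDAPGroupAttributeIsDN On

    # AuthBasicAuthoritative and AuthzLDAPAuthoritative are left at their
    # default (On), so a failed LDAP lookup or group check is not handed
    # to other modules. AuthzLDAPAuthoritative exists in 2.2 only.
</Directory>
```

After reloading, a user who binds successfully but is not listed in a `uniqueMember` value of that group should receive 401, which confirms the group rule is the only path to access.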


All times are GMT -5.