You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Saxa Egea <sa...@saxa.dyndns.org> on 2014/04/16 11:26:24 UTC

Re: [users@httpd] custom ldap conf file

Sorry.. but I'm a newbie...

As far as I understand Apache does not use "/etc/ldap/ldap.conf" or
whatever.

You specify all settings in your httpd.conf or vhost configuration like:

<Location /your_auth_required_location>
      AuthType Basic
      AuthName "Authentication required">
          AuthBasicProvider ldap
          AuthzLDAPAuthoritative on
          AuthLDAPBindDN cn=Manager,dc=domain
          AuthLDAPBindPassword <Manager_pass>
      AuthLDAPURL"ldap://ldapserver.domain"
      Require user username
      Require ldap-group dn_of_group
</Location>

For each "sub" location... just need to specify the group or users you
allow with:

<Location /whatever>
	Require user username
	Require ldap-group dn_of_other_group
</Location>

Remeber users and groups are "ORed", not AND'ed.

Hope this helps you.

Tx,
    Saxa


On 14/04/14 20:09, Lee Burke wrote:
>
> Question -- how to configure Apache to find a custom ldap conf file.
>
> I am using Apache 2.2.12 on Suse linux 11 patchset 2, with PHP 5.2.14.
>
> I want to create a custom ldap.conf file for use by Apache for user 
> authentication via a remote system.
>
> I can't put my config info in /etc/openssl/ldap.conf or /etc/ldap.conf 
> -- it's a long story.
>
> But, I could create my own /etc/openldap/apache_ldap.conf.
>
> The question is -- Where in Apache (and maybe PHP) can I tell Apache 
> to look for and use the settings in my custom apache_ldap.conf ?
>
> My custom ldap conf file would include things like TLS_REQCERT, uri 
> and base.
>
> *Lee Burke*
>
> Lead Systems Engineer
>
> GPDS Innovation
>
> Lee.Burke@gm.com <ma...@gm.com>
>
> C 586.359.9417
>
>
>
> Nothing in this message is intended to constitute an electronic 
> signature unless a specific statement to the contrary is included in 
> this message.
>
> Confidentiality Note: This message is intended only for the person or 
> entity to which it is addressed. It may contain confidential and/or 
> privileged material. Any review, transmission, dissemination or other 
> use, or taking of any action in reliance upon this message by persons 
> or entities other than the intended recipient is prohibited and may be 
> unlawful. If you received this message in error, please contact the 
> sender and delete it from your computer.