Tuesday, May 3, 2016

basic authentication with ldap on http directory with .htaccess

*** setup information ***
we presume that you already have apache2 installed

to configure ldap server, follow the link below

but in the configuration below we use
and the users that can authenticate belong to users in ou=users

1- install apache2 mod webauthldap
$ sudo install libapache2-mod-webauthldap

2- configure a apache2 directory for /var/www/auth by create a file /etc/apache2/conf-enabled/authbasic.conf with the following content

Alias /auth/ /var/www/auth/

<Directory /var/www/auth/>
    #DirectoryIndex index.php
    Options +FollowSymLinks +Indexes
    AllowOverride AuthConfig   

3- create directory /var/www/auth with .htaccess file in it
$ sudo mkdir /var/www/auth/ -p && cd /var/www/auth/

- the   /var/www/auth/.htaccess with the following conetent
AuthType Basic
AuthName "My Protected Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/ou=users, dc=linux,dc=auth?uid?sub?(objectClass=*)"
Require valid-user

4- enable some apache2 modules, authz_user auth_basic authnz_ldap
$ sudo a2enmod authz_user
$ sudo a2enmod auth_basic
$ sudo a2enmod authnz_ldap

5- restart apache2 services
$ sudo /etc/init.d/apache2 restart

6- how when you access to http://server-ip/auth, you will be prompted to input username and password, so you can use the user in the ou=users to authenticate

-screenshot of the authentication window when access to  http://server-ip/auth,

No comments:

Post a Comment