Tuesday, May 3, 2016

basic authentication with ldap on http directory with .htaccess

*** setup information ***
We presume that you already have apache2 installed.

To configure the LDAP server, follow the link below:
http://www.atechnote.com/2015/09/how-to-setup-ldap-server-with-slapd.html

In the configuration below we use the base DN
dc=linux,dc=auth
and the users that can authenticate are the entries under ou=users.


1- install the apache2 module package libapache2-mod-webauthldap
$ sudo apt-get install libapache2-mod-webauthldap

2- configure an apache2 directory for /var/www/auth by creating the file /etc/apache2/conf-enabled/authbasic.conf with the following content

Alias /auth/ /var/www/auth/

<Directory /var/www/auth/>
    #DirectoryIndex index.php
    Options +FollowSymLinks +Indexes
    AllowOverride AuthConfig
</Directory>


3- create the directory /var/www/auth with a .htaccess file in it
$ sudo mkdir /var/www/auth/ -p && cd /var/www/auth/

- create /var/www/auth/.htaccess with the following content
AuthType Basic
AuthName "My Protected Area"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/ou=users, dc=linux,dc=auth?uid?sub?(objectClass=*)"
Require valid-user


4- enable the apache2 modules authz_user, auth_basic and authnz_ldap
$ sudo a2enmod authz_user
$ sudo a2enmod auth_basic
$ sudo a2enmod authnz_ldap

5- restart the apache2 service
$ sudo /etc/init.d/apache2 restart

6- now when you access http://server-ip/auth, you will be prompted for a username and password; use a user from ou=users to authenticate

[screenshot: the authentication window shown when accessing http://server-ip/auth]
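
mod_authnz_ldap authenticates in two phases: it first searches the directory with a filter built from the attribute and filter parts of AuthLDAPURL plus the submitted username, then binds as the DN it found using the submitted password. The following added example (not part of the original post) parses the AuthLDAPURL from step 3 and produces that search filter and an equivalent anonymous ldapsearch command; the function names, the username "alice" and the RFC 4515 escaping helper are assumptions of this example.

```python
import shlex
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL value: scheme://host:port/basedn?attribute?scope?filter"""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("AuthLDAPURL scheme must be ldap or ldaps")
    # The query section is attribute?scope?filter; empty fields fall back to defaults.
    fields = (parts.query.split("?", 2) + ["", ""])[:3]
    attribute, scope, flt = (unquote(f) for f in fields)
    # Trim whitespace around each RDN (naive split: assumes no escaped commas in the DN).
    base = ",".join(rdn.strip() for rdn in unquote(parts.path.lstrip("/")).split(","))
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base": base,
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so a username stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search_filter(cfg, username):
    """Filter for the search phase: the URL filter ANDed with attribute=username."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))

def ldapsearch_command(cfg, username):
    """Equivalent anonymous ldapsearch call for checking the search phase by hand."""
    uri = "%s://%s:%d" % (cfg["scheme"], cfg["host"], cfg["port"])
    return ["ldapsearch", "-x", "-H", uri, "-b", cfg["base"],
            "-s", cfg["scope"], search_filter(cfg, username), "dn"]

if __name__ == "__main__":
    # AuthLDAPURL value from the .htaccess above; "alice" is a constructed username.
    cfg = parse_auth_ldap_url(
        "ldap://localhost:389/ou=users, dc=linux,dc=auth?uid?sub?(objectClass=*)")
    print(cfg)
    print(shlex.join(ldapsearch_command(cfg, "alice")))
```

Running the printed ldapsearch command on the server confirms the search phase independently of Apache. The bind phase uses the password the browser sent, which Basic authentication transmits only base64-encoded, so the /auth/ location belongs behind HTTPS.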
