Robert Ludvik wrote:

>Kevin Kovach wrote:
>
>>The HowTo for integration with Apache
>>(http://directory.fedora.redhat.com/wiki/Howto:Apache) is currently
>>blank. Can somebody advise on another source for information on getting
>>some type of mod_authnz_ldap working between FDS and Apache? Thanks.
>>
>>- Kevin
>
>I made it this way (see attachment). Hope it helps.
>Bye
>Robert Ludvik
>
>------------------------------------------------------------------------
>
>Information source:
>http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html#conf
>
>Download modauthldap_apache2.tar.gz and unpack it in /usr/local/src
>In /usr/local/src/modauthldap_apache2 run:
>
>./configure --with-ldap-dir=/opt/fedora-ds/shared --with-apxs=/usr/sbin/apxs
>make
>make install
>
>Check httpd.conf:
>LoadModule ldap_module modules/mod_ldap.so
>LoadModule auth_ldap_module /usr/lib/httpd/modules/mod_auth_ldap.so
>
>I had to copy manually these files:
>cp /opt/fedora-ds/shared/lib/libprldap50.so /lib/
>cp /opt/fedora-ds/shared/lib/libldap50.so /lib/
>cp /opt/fedora-ds/shared/lib/libssldap50.so /lib/
>

What version of Apache is this? Note that some versions of Apache are
linked directly against /usr/lib/libldap*.so which is the OpenLDAP API
library. You may run into strange problems if you have both the Mozilla
(Fedora DS) and OpenLDAP libs linked into Apache - the APIs, while
similar, are not compatible and you will run into strange errors. It is
for this reason that I recommend just using the default OpenLDAP
libraries with mod_ldap and mod_auth_ldap. (Fedora DS Admin Server does
use the Mozilla LDAP libs despite the fact that Apache is linked with
the OpenLDAP ones - we have to jump through hoops like using LD_PRELOAD
- but we do not use any other LDAP modules at all, and we have to use
the Mozilla ones because we must use NSS for crypto).

>In httpd.conf add folder for which you want to have LDAP authentication:
>
><Directory "/var/www/html/a">
>Options Indexes FollowSymLinks
>AllowOverride None
>order allow,deny
>allow from all
># Q: I get an error message like reason: unknown require directive:
># "xxxxxxx". What's the problem?
># A: Use the directive AuthAuthoritative Off
>AuthAuthoritative Off
>AuthName "Only for nice people ;-)"
>AuthType Basic
>#AuthOnBind Off
>#Sub_DN ou=CIS,ou=People
>#LDAP_Persistent On
>#Bind_Tries 5
>#LDAP_Debug On
>#LDAP_Protocol_Version 3
>#LDAP_Deref NEVER
>#LDAP_StartTLS On
>LDAP_Server dserver.domain.com
>#LDAP_Server 192.168.1.1
>LDAP_Port 389
># Connect timeout in seconds
>#LDAP_Connect_Timeout 3
># If SSL is on, must specify the LDAP SSL port, usually 636
>#LDAP_Port 636
>#LDAP_CertDbDir /usr/foo/ssl
>Base_DN "dc=domain,dc=com"
># If your configuration allows anonymous access you don't have to set
># Bind_DN
>#Bind_DN "uid=admin,o=Fox Chase Cancer Center,c=US"
>#Bind_Pass "secret"
>UID_Attr uid
>#UID_Attr_Alt "mail"
>#Group_Attr uniqueMember
>#SupportNestedGroups Off
># You also need one of require statements:
># any valid user:
>#require valid-user
># OR these users:
>#require user muquit foo bar "john doe"
># OR users that match some condition:
>#require roomnumber "123 Center Building"
># OR filter:
>#require filter "(&(telephonenumber=1234)(roomnumber=123))"
># for a group of users (NOTE, without dc=domain,dc=com)
>require group cn=my_group,ou=Groups
></Directory>
>
>Restart Apache:
>apachectl restart
>
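
Added example, not part of the original thread: a shell check for the mixed-library situation described in the reply above. It reads `ldd` output and reports whether the scanned Apache binaries pull in the Mozilla LDAP SDK, OpenLDAP, or both. The function names, the default paths in scan_apache and the sample ldd lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies the LDAP client libraries
# named in `ldd` output read on stdin.
# Prints one of: mixed, mozilla, openldap, none

ldap_link_check() {
    awk '
        # Mozilla LDAP C SDK: the libldap50/libprldap50/libssldap50 files
        # that the thread copies from /opt/fedora-ds/shared/lib
        /lib(pr|ss)?ldap50\.so/        { moz = 1; next }
        # OpenLDAP: libldap.so.N, libldap-2.x.so.N, libldap_r-2.x.so.N
        /libldap(_r)?(-[0-9.]+)?\.so/  { ol = 1 }
        # liblber is the OpenLDAP BER library and always accompanies libldap
        /liblber(-[0-9.]+)?\.so/       { ol = 1 }
        END {
            if (moz && ol) print "mixed"
            else if (moz)  print "mozilla"
            else if (ol)   print "openldap"
            else           print "none"
        }'
}

# Run ldd over httpd and every module in the modules directory.
# Default paths are assumptions; override with HTTPD= and MODDIR=.
scan_apache() {
    for f in "${HTTPD:-/usr/sbin/httpd}" "${MODDIR:-/usr/lib/httpd/modules}"/*.so; do
        [ -e "$f" ] && ldd "$f" 2>/dev/null
    done | ldap_link_check
}

# Constructed sample: what ldd might show when mod_auth_ldap was built against
# the Fedora DS libraries while another module is linked against OpenLDAP.
sample_mixed() {
    cat <<'EOF'
    libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x00b2c000)
    liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00a11000)
    libldap50.so => /lib/libldap50.so (0x00c40000)
    libprldap50.so => /lib/libprldap50.so (0x00d10000)
EOF
}
```

A result of "mixed" from scan_apache means both APIs would be loaded into the same httpd process, which is the condition the reply warns about.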