Re: [users@httpd] Apache 2.2 mod_authnz_ldap binding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I suggest a 600 perms sub-conf file you 'Include' in the main httpd.conf,
illegible to the non-root user.  Or use starttls/ssl and add this client's
ldap cert to your servers ldap CA chain, protecting the key 600 as you
would always do.  Same difference.



Erik Froese wrote:
I'm trying to move from apache 2.0 to 2.2 and would like to use the supplied *ldap modules that are built into apache. I'd like to authenticate against our LDAP but we don't alow anonymous binds and I'd rather not store an LDAP user's name and pw in an apache conf file to get LDAP
authentication working.

I've had success in the past with mm_mod_auth_ldap from muquit.com <http://muquit.com> with apache 2.0. MM_mod_auth_ldap allowed apache to try and bind as the name/pw credentials provided by
the browser using the AuthOnBind directive.

Our LDAP directory is rather large (>100,000) and it cuts down on authentication time if we don't have to go through the normal bind, search/compare/verify uniqueness, close, bind
process that the apache 2.2 module talks about in the docs.

In short, is there a way to make apache 2.2 try to bind to the ldap server with the credentials
provided by the browser and consider itself authenticated if it could bind?

Erik Froese


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux