Re: FDS and Apache

Kevin Kovach wrote:
> The HowTo for integration with Apache
> (http://directory.fedora.redhat.com/wiki/Howto:Apache) is currently
> blank.  Can somebody advise on another source for information on getting
> some type of mod_authnz_ldap working between FDS and Apache?  Thanks.
> 
> - Kevin

I made it this way (see attachment). Hope it helps.
Bye
Robert Ludvik
Information source:
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html#conf

Download modauthldap_apache2.tar.gz and unpack it in /usr/local/src
In /usr/local/src/modauthldap_apache2 run:

./configure --with-ldap-dir=/opt/fedora-ds/shared --with-apxs=/usr/sbin/apxs
make
make install

Check httpd.conf:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module   /usr/lib/httpd/modules/mod_auth_ldap.so

I had to copy these files manually:
cp /opt/fedora-ds/shared/lib/libprldap50.so /lib/
cp /opt/fedora-ds/shared/lib/libldap50.so /lib/
cp /opt/fedora-ds/shared/lib/libssldap50.so /lib/

In httpd.conf, add the folder for which you want to have LDAP authentication:

<Directory "/var/www/html/a">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
#    Q: I get an error message like reason: unknown require directive:
#    "xxxxxxx". What's the problem?
#    A: Use the directive AuthAuthoritative Off 
AuthAuthoritative Off
AuthName "Only for nice people ;-)"
AuthType Basic
#AuthOnBind Off
#Sub_DN "ou=CIS,ou=People"
#LDAP_Persistent On
#Bind_Tries 5
#LDAP_Debug On
#LDAP_Protocol_Version 3
#LDAP_Deref NEVER
#LDAP_StartTLS On
LDAP_Server dserver.domain.com
#LDAP_Server 192.168.1.1 
LDAP_Port 389
# Connect timeout in seconds
#LDAP_Connect_Timeout 3
# If SSL is on, must specify the LDAP SSL port, usually 636
#LDAP_Port 636
#LDAP_CertDbDir /usr/foo/ssl
Base_DN "dc=domain,dc=com"
# If your configuration allows anonymous access you don't have to set
# Bind_DN
#Bind_DN "uid=admin,o=Fox Chase Cancer Center,c=US"
#Bind_Pass "secret"
UID_Attr uid
#UID_Attr_Alt "mail"
#Group_Attr uniqueMember
#SupportNestedGroups Off
# You also need one of require statements:
# any valid user:
#require valid-user
# OR these users:
#require user muquit foo bar "john doe"
# OR users that match some condition:
#require roomnumber "123 Center Building"
# OR filter:
#require filter "(&(telephonenumber=1234)(roomnumber=123))"
# for a group of users (NOTE, without dc=domain,dc=com)
require group cn=my_group,ou=Groups
</Directory>

Restart Apache:
apachectl restart

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
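
An added example, not part of the original message and not mod_auth_ldap's own code: a small Python check to run over the <Directory> block before restarting Apache. It flags a missing require line, a "require group" DN that repeats Base_DN (the message notes it must be given without it), and password binds over port 389 with LDAP_StartTLS left off. The function names and the sample block are constructed for illustration.

```python
# Constructed sample: active directives as in the message's block, with a
# deliberately wrong absolute group DN for the check to catch.
SAMPLE = '''<Directory "/var/www/html/a">
AuthType Basic
#LDAP_StartTLS On
LDAP_Server dserver.domain.com
LDAP_Port 389
Base_DN "dc=domain,dc=com"
#Bind_Pass "secret"
UID_Attr uid
require group cn=my_group,ou=Groups,dc=domain,dc=com
</Directory>
'''

def active_directives(text):
    """Return [(name, value)] for uncommented directives; section tags are skipped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        out.append((parts[0].lower(), value))
    return out

def lint(text):
    """Check one mod_auth_ldap <Directory> block (hypothetical helper); return findings."""
    items = active_directives(text)
    conf = dict(items)  # single-valued directives: last occurrence wins
    findings = []
    requires = [v for n, v in items if n == "require"]
    if not requires:
        findings.append("no active 'require' line; the block needs one")
    base = conf.get("base_dn", "").replace(" ", "").lower()
    for r in requires:
        kind, _, arg = r.partition(" ")
        dn = arg.strip().strip('"').replace(" ", "").lower()
        if kind.lower() == "group" and base and dn.endswith(base):
            findings.append("'require group' repeats Base_DN; give the DN relative to it")
    starttls = conf.get("ldap_starttls", "").lower() == "on"
    if conf.get("ldap_port") == "389" and not starttls:
        findings.append("LDAP_Port 389 without LDAP_StartTLS On: bind password is sent unencrypted")
    if "bind_pass" in conf:
        findings.append("Bind_Pass holds a clear-text password; restrict read access to this file")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```
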
