Re: FDS and Apache

Robert Ludvik wrote:

Kevin Kovach wrote:
The HowTo for integration with Apache
(http://directory.fedora.redhat.com/wiki/Howto:Apache) is currently
blank.  Can somebody advise on another source for information on getting
some type of mod_authnz_ldap working between FDS and Apache?  Thanks.

- Kevin

I made it this way (see attachment). Hope it helps.
Bye
Robert Ludvik
------------------------------------------------------------------------

Information source:
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html#conf

Download modauthldap_apache2.tar.gz and unpack it in /usr/local/src
In /usr/local/src/modauthldap_apache2 run:

./configure --with-ldap-dir=/opt/fedora-ds/shared --with-apxs=/usr/sbin/apxs
make
make install

Check httpd.conf:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module   /usr/lib/httpd/modules/mod_auth_ldap.so

I had to copy these files manually:
cp /opt/fedora-ds/shared/lib/libprldap50.so /lib/
cp /opt/fedora-ds/shared/lib/libldap50.so /lib/
cp /opt/fedora-ds/shared/lib/libssldap50.so /lib/

What version of Apache is this? Note that some versions of Apache are linked directly against /usr/lib/libldap*.so which is the OpenLDAP API library. You may run into strange problems if you have both the Mozilla (Fedora DS) and OpenLDAP libs linked into Apache - the APIs, while similar, are not compatible and you will run into strange errors. It is for this reason that I recommend just using the default OpenLDAP libraries with mod_ldap and mod_auth_ldap. (Fedora DS Admin Server does use the Mozilla LDAP libs despite the fact that Apache is linked with the OpenLDAP ones - we have to jump through hoops like using LD_PRELOAD - but we do not use any other LDAP modules at all, and we have to use the Mozilla ones because we must use NSS for crypto).

In httpd.conf add folder for which you want to have LDAP authentication:

<Directory "/var/www/html/a">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
#    Q: I get an error message like reason: unknown require directive:
#    "xxxxxxx". What's the problem?
#    A: Use the directive AuthAuthoritative Off
AuthAuthoritative Off
AuthName "Only for nice people ;-)"
AuthType Basic
#AuthOnBind Off
#Sub_DN ou=CIS,ou=People
#LDAP_Persistent On
#Bind_Tries 5
#LDAP_Debug On
#LDAP_Protocol_Version 3
#LDAP_Deref NEVER
#LDAP_StartTLS On
LDAP_Server dserver.domain.com
#LDAP_Server 192.168.1.1
LDAP_Port 389
# Connect timeout in seconds
#LDAP_Connect_Timeout 3
# If SSL is on, must specify the LDAP SSL port, usually 636
#LDAP_Port 636
#LDAP_CertDbDir /usr/foo/ssl
Base_DN "dc=domain,dc=com"
# If your configuration allows anonymous access you don't have to set
# Bind_DN
#Bind_DN "uid=admin,o=Fox Chase Cancer Center,c=US"
#Bind_Pass "secret"
UID_Attr uid
#UID_Attr_Alt "mail"
#Group_Attr uniqueMember
#SupportNestedGroups Off
# You also need one of require statements:
# any valid user:
#require valid-user
# OR these users:
#require user muquit foo bar "john doe"
# OR users that match some condition:
#require roomnumber "123 Center Building"
# OR filter:
#require filter "(&(telephonenumber=1234)(roomnumber=123))"
# for a group of users (NOTE, without dc=domain,dc=com)
require group cn=my_group,ou=Groups
</Directory>

Restart Apache:
apachectl restart

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
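
A way to check for the library mix the reply warns about, as an added example that is not part of the original thread: the function reads ldd output and reports whether Mozilla LDAP libraries (the *ldap50.so files copied into /lib above) and OpenLDAP libraries (libldap, liblber) would end up in the same Apache process. The sample ldd output is constructed, the function names are made up for this example, and /usr/sbin/httpd in the usage comment is an assumed path.

```shell
#!/bin/sh
# Added example: detect Mozilla LDAP SDK and OpenLDAP libraries in one Apache process.

# Reads ldd output on stdin; prints none, openldap, mozilla or mixed.
classify_ldap_libs() {
    awk '
        # Mozilla LDAP C SDK: libldap50.so, libprldap50.so, libssldap50.so
        /lib(pr|ssl)?ldap50\.so/  { moz = 1; next }
        # OpenLDAP client libraries: libldap.so.N, libldap-2.x.so.N, libldap_r, liblber
        /lib(ldap|lber)(_r)?[-.]/ { oldap = 1 }
        END {
            if (moz && oldap) print "mixed"
            else if (moz)     print "mozilla"
            else if (oldap)   print "openldap"
            else              print "none"
        }'
}

# Modules are loaded with dlopen(), so ldd on httpd alone misses their
# dependencies: run it over the binary and every module, then classify the union.
# Usage (assumed paths): check_files /usr/sbin/httpd /usr/lib/httpd/modules/*.so
check_files() {
    for f in "$@"; do
        ldd "$f" 2>/dev/null || true
    done | classify_ldap_libs
}

# Constructed sample: httpd linked against OpenLDAP, the third-party
# module linked against the Mozilla libraries copied into /lib.
sample_mixed() {
    cat <<'EOF'
/usr/sbin/httpd:
	libldap-2.2.so.7 => /usr/lib/libldap-2.2.so.7 (0x00b5e000)
	liblber-2.2.so.7 => /usr/lib/liblber-2.2.so.7 (0x00a3c000)
/usr/lib/httpd/modules/mod_auth_ldap.so:
	libldap50.so => /lib/libldap50.so (0x00111000)
	libprldap50.so => /lib/libprldap50.so (0x00222000)
	libssldap50.so => /lib/libssldap50.so (0x00333000)
EOF
}

sample_mixed | classify_ldap_libs   # prints: mixed
```

A result of "mixed" is the situation described in the reply: both LDAP APIs loaded into one httpd process.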
