Ldap – How to configure OpenLDAP server and test using Apache HTTPD

Tags: apache-2.2, centos6, ldap, openldap

I am using CentOS 6. I found a great article on how to install and configure OpenLDAP on CentOS 6, and I found some other great documentation here on how to configure LDAP to work on Apache HTTPD (I am using 2.2, which comes with CentOS 6). Unfortunately, what both articles do not necessarily specify is how to connect the two together. The second article I mentioned is great for an Apache walk-through assuming you already have a good understanding of LDAP syntax, and the first article I mentioned is great assuming you already have in mind a way to test it. It seems like you have to be an expert at one or the other for either walk-through to get you completely set up.

So let's assume that I configured my LDAP credentials according to the CentOS OpenLDAP walk-through article. I have added the following folks:

acme.ldif

dn: dc=acme,dc=com
objectClass: dcObject
objectClass: organization
dc: acme
o: acme

users.ldif

dn: ou=Users,dc=acme,dc=com
objectClass: organizationalUnit
ou: Users

bob.ldif

dn: cn=Bob Jones,ou=Users,dc=acme,dc=com
cn: Bob Jones
sn: Jones
objectClass: inetOrgPerson
userPassword: p@ssw0rd
uid: bjones

engineering.ldif

dn: cn=Engineering,ou=Users,dc=acme,dc=com
cn: Engineering
objectClass: groupOfNames
member: cn=Bob Jones,ou=Users,dc=acme,dc=com

addUserToGroup.ldif

dn: cn=Engineering,ou=Users,dc=acme,dc=com
changetype: modify
add: member
member: cn=Al Smith,ou=Users,dc=acme,dc=com

al.ldif

dn: cn=Al Smith,ou=Users,dc=acme,dc=com
cn: Al Smith
sn: Smith
objectClass: inetOrgPerson
userPassword: 12345
uid: asmith

I downloaded LDAPExplorer Tool 2 from SourceForge and successfully connected to this LDAP directory and explored it, and it looks just like the LDIF files suggest.

The following is from my httpd.conf file for Apache HTTPD:

<Directory /var/www/html/authpage>
    AuthType Basic
    AuthName "Enter valid user name"
    AuthLDAPURL ldap://magneto.acme.com:389/????
    require valid-user
</Directory>

The ???? is where I do not know how to make my LDAP syntax line up with my LDAP directory. I have tried all sorts. What happens is I navigate to the URL http://magneto.acme.com/authpage (magneto is my hostname for the server in this case; I at least know that works), and I am prompted for credentials. Nothing I put in works. I have tried combinations of ou=, o= and dc=, along with ?uid as the query parameter.

When I check my Apache error_log, I see this line:

[Wed Sep 10 11:00:51 2014] [error] [client 10.78.182.243] access to /authpage failed, reason: verification of user id 'bjones' not configured
[Wed Sep 10 11:00:54 2014] [error] [client 10.78.182.243] access to /authpage failed, reason: verification of user id 'asmith' not configured

Assuming my LDAP directory works, and that Apache is correctly trying to authenticate to it,
1. How do I write correct syntax to authenticate to all users, or just a specific group?
2. Is there any additional configuration required to configure verification of users, based on what the error_log said?

Best Answer

ldap://host:port/basedn?attribute?scope?filter

In your case:

AuthLDAPURL ldap://magneto.acme.com:389/ou=Users,dc=acme,dc=com?uid?sub?(objectClass=inetOrgPerson)

Note: if you do not allow anonymous searches on your LDAP server, you may need to configure AuthLDAPBindDN and AuthLDAPBindPassword.
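As an added check that is not part of the question or the answer, the shell helper below splits an AuthLDAPURL into the parts the answer lists and prints the ldapsearch that reproduces the lookup mod_authnz_ldap performs, so the base DN, scope and filter can be tested with the OpenLDAP client tools (assumed installed from openldap-clients) before they go into httpd.conf. The ldapwhoami command it prints for the DN that comes back repeats Apache's second step, binding as that DN with the user's password.

```shell
#!/bin/sh
# Added example, not from the question or the answer: turn an AuthLDAPURL
# into the ldapsearch that reproduces what mod_authnz_ldap does on login.
#
# The module searches <basedn> with <scope> for
#   (&<filter>(<attribute>=<login name>))
# expects exactly one entry, then binds as that DN with the submitted
# password. Empty URL parts fall back to the module defaults.

# Escape the login name as RFC 4515 requires before it goes into a filter
# (the module does this itself); the backslash must be handled first.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Usage: ldap_url_to_search 'ldap://host:port/basedn?attr?scope?filter' user
# Prints the equivalent anonymous ldapsearch; "1.1" requests no attributes,
# so the output is just the matching DN(s). Expect exactly one.
ldap_url_to_search() (
    url=$1
    hostport=${url#ldap://}; hostport=${hostport%%/*}
    rest="${url#ldap://*/}???"   # pad so missing parts read as empty
    basedn=${rest%%\?*}; rest=${rest#*\?}
    attr=${rest%%\?*};   rest=${rest#*\?}
    scope=${rest%%\?*};  rest=${rest#*\?}
    filter=${rest%%\?*}
    [ -n "$attr" ]   || attr=uid                 # module default
    [ -n "$scope" ]  || scope=sub                # module default
    [ -n "$filter" ] || filter='(objectClass=*)' # module default
    user=$(ldap_filter_escape "$2")
    printf "ldapsearch -x -LLL -H ldap://%s -b '%s' -s %s '(&%s(%s=%s))' 1.1\n" \
        "$hostport" "$basedn" "$scope" "$filter" "$attr" "$user"
)

# Second step: bind as the DN the search returned, prompting for the
# password (-W) so it never lands in the shell history.
ldap_bind_check() {
    printf "ldapwhoami -x -H ldap://%s -D '%s' -W\n" "$1" "$2"
}

# The answer's URL, run against the question's directory for bjones.
ldap_url_to_search \
    'ldap://magneto.acme.com:389/ou=Users,dc=acme,dc=com?uid?sub?(objectClass=inetOrgPerson)' \
    bjones
ldap_bind_check magneto.acme.com:389 'cn=Bob Jones,ou=Users,dc=acme,dc=com'
```

With Apache 2.2 the <Directory> block also needs AuthBasicProvider ldap, since the default provider is file; limiting access to the group is done with Require ldap-group cn=Engineering,ou=Users,dc=acme,dc=com in place of require valid-user.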