Access control in Apache with LDAP

Our target is that when is acceded the directory http://www.midominio.com/privado/, our server makes access control, then it ask for an user/password, and validate trough our directory server.

As usually, we install over Debian etch server, with Apache/2.2.3. We are based on oficial documentation, we need availabel the following modules:

~# cd /etc/apache2/mods-enabled/
~# ln -s ../mods-available/auth_basic.load auth_basic.load
~# ln -s ../mods-available/authnz_ldap.load authnz_ldap.load
~# ln -s ../mods-available/ldap.load ldap.load
~# /etc/init.d/apache restart

After thet we will write the Location directive in our VirtualHost:

<Location "/privado/">
                AuthBasicProvider ldap
                AuthType Basic
                AuthzLDAPAuthoritative off
                AuthName "Archivos privados"
                AuthLDAPURL "ldap://ldap.midominio.com:389/dc=midominio,dc=com"
                require valid-user
        </Location>

This an very basic access control LDAP based. We could aply the “require group administrators” directive and we only allow access for the Administrators LDAP group. Or we could make this control in .htaccess file, if you do not have permissions to edit Apache configuration. At last, better way in the original source or googling a bit.

Leave a Reply

Your email address will not be published. Required fields are marked *