LDAP Search and Apache LDAP Authentication
ldapsearch
Anonymous:
    /usr/local/bin/ldapsearch -x -W -H ldap://ldap.man.ac.uk -s sub \
        -b "c=uk" "cn=mpciish2"    # ...empty password...
Simple bind:
    /usr/local/bin/ldapsearch -x -W -H ldap://ldap.man.ac.uk \
        -D "cn=mpciish2,ou=mc,ou=admin,ou=uman,o=ac,c=uk" \
        -s sub -b "c=uk" "cn=mpciish2"    # ...mpciish2's password...
Apache2 LDAP Authentication/Authorization Example
From httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html:
- AuthzLDAPAuthoritative Directive
    Set to off if this module should let other authentication modules attempt to authenticate the user, should authentication with this module fail. Control is only passed on to lower modules if there is no DN or rule that matches the supplied user name (as passed by the client).
From httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html:
- Require valid-user
    If this directive exists, mod_authnz_ldap grants access to any user that has successfully authenticated during the search/bind phase. Requires that mod_authz_user be loaded and that the AuthzLDAPAuthoritative directive be set to off.
Apache-2 configuration:
    <Files registration.html>
        Options Includes FollowSymLinks ExecCGI
        AllowOverride All
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://ldap.man.ac.uk/ou=uman,o=ac,c=uk"
        AuthName "University of Manchester Central Services Account (LDAP)"
        Require valid-user
    </Files>
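With AuthType Basic and an ldap:// URL the user's password crosses two hops unencrypted: browser to Apache, then Apache to the directory during the search/bind phase. The variant below is an added example, not part of the original page, showing only the authentication-related directives with both hops protected. Assumptions: mod_ssl is loaded, the directory also accepts LDAPS, and the CA file path is a hypothetical placeholder.

```apache
# --- Server config (outside any <Files>/<Directory> block) ---
# Trust anchor for the directory server's certificate.
# Hypothetical path; point it at the CA that signed the LDAP server's cert.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ldap-ca.pem
# Reject the LDAP connection if the server certificate does not verify.
LDAPVerifyServerCert On

<Files registration.html>
    # Hop 1: Basic auth sends the password base64-encoded with every request,
    # so refuse any request that did not arrive over HTTPS.
    SSLRequireSSL

    AuthType Basic
    AuthName "University of Manchester Central Services Account (LDAP)"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off

    # Hop 2: ldaps:// encrypts the search and the bind between Apache and
    # the directory (assumes the server listens for LDAPS).
    AuthLDAPURL "ldaps://ldap.man.ac.uk/ou=uman,o=ac,c=uk"

    Require valid-user
</Files>
```

The same scheme change applies to the ldapsearch commands above: passing an ldaps:// URL to -H keeps the simple-bind password off the wire in clear text.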