LDAP Search and Apache LDAP Authentication

ldapsearch

Anonymous:

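    # -x: simple authentication; no -D (bind DN) is given, so the bind is anonymous
    /usr/local/bin/ldapsearch -x -W -H ldap://ldap.man.ac.uk -s sub \
                              -b "c=uk" "cn=mpciish2"
        # -W prompts for a password: press Enter (empty password)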

Simple bind:

    # -D names the DN to bind as; -W prompts for that account's password
    /usr/local/bin/ldapsearch -x -W -H ldap://ldap.man.ac.uk \
                              -D "cn=mpciish2,ou=mc,ou=admin,ou=uman,o=ac,c=uk" \
                              -s sub -b "c=uk" "cn=mpciish2"
        # ...enter mpciish2's password at the prompt...

Apache2 LDAP Authentication/Authorization Example

From httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html:

AuthzLDAPAuthoritative Directive
Set to off if this module should let other authentication modules attempt to authenticate the user, should authentication with this module fail. Control is only passed on to lower modules if there is no DN or rule that matches the supplied user name (as passed by the client).

From httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html:

Require valid-user
If this directive exists, mod_authnz_ldap grants access to any user that has successfully authenticated during the search/bind phase. Requires that mod_authz_user be loaded and that the AuthzLDAPAuthoritative directive be set to off.

Apache-2 configuration:

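    <Files registration.html>
        Options Includes FollowSymLinks ExecCGI
        # AllowOverride is valid only in <Directory> sections and is rejected
        # inside <Files>, so it is not set here.
        # Basic authentication sends the password base64-encoded, not encrypted,
        # on every request: serve this file over HTTPS.
        AuthType Basic
        # off: lets mod_authz_user evaluate "Require valid-user" below
        AuthzLDAPAuthoritative  off
        AuthBasicProvider ldap
        # ldap:// with no TLS mode: the user's password also travels unencrypted
        # from Apache to the LDAP server during the bind.
        AuthLDAPURL "ldap://ldap.man.ac.uk/ou=uman,o=ac,c=uk"
        AuthName "University of Manchester Central Services Account (LDAP)"
        # Any account that authenticates against the directory is admitted
        Require valid-user
    </Files>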
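
How the AuthLDAPURL above becomes the directory query of the search/bind phase, as an added example (not part of the original page, and not Apache's code). It follows the layout documented for mod_authnz_ldap, `ldap://host:port/basedn?attribute?scope?filter` with defaults `uid`, `sub` and `(objectClass=*)`, combined as `(&(filter)(attribute=username))`. The function names, the returned dictionary and the RFC 4515 hex escaping are assumptions of this example.

```python
from urllib.parse import unquote, urlsplit

# RFC 4515 escapes for characters that would alter the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url, mode="NONE"):
    """Split an AuthLDAPURL value (ldap://host:port/basedn?attribute?scope?filter)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    # attribute, scope and filter are optional; pad so all three unpack.
    fields = (parts.query.split("?", 2) + ["", ""])[:3]
    attribute, scope, flt = (unquote(f) for f in fields)
    flt = flt or "objectClass=*"
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]  # the combined filter below re-adds the parentheses
    return {
        "uri": "%s://%s:%d" % (parts.scheme, parts.hostname,
                               parts.port or (636 if parts.scheme == "ldaps" else 389)),
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",   # documented default
        "scope": scope or "sub",           # documented default
        "filter": flt,
        # Second AuthLDAPURL argument: NONE, SSL, TLS or STARTTLS.
        "encrypted": parts.scheme == "ldaps" or mode.upper() in ("SSL", "TLS", "STARTTLS"),
    }


def user_search_filter(cfg, username):
    """Search-phase filter: (&(filter)(attribute=username))."""
    return "(&(%s)(%s=%s))" % (cfg["filter"], cfg["attribute"],
                               escape_filter_value(username))


def equivalent_ldapsearch(cfg, username):
    """argv for an ldapsearch that repeats the search phase by hand."""
    return ["ldapsearch", "-x", "-H", cfg["uri"], "-s", cfg["scope"],
            "-b", cfg["base"], user_search_filter(cfg, username)]


# The AuthLDAPURL from the configuration above.
PAGE_CFG = parse_auth_ldap_url("ldap://ldap.man.ac.uk/ou=uman,o=ac,c=uk")
```

For the page's URL, `PAGE_CFG["encrypted"]` is false and the search runs on `uid` under `ou=uman,o=ac,c=uk`, whereas the ldapsearch commands above match on `cn` from `c=uk`.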