LDAP Apache: Difference between revisions
Latest revision as of 18:11, 24 March 2015
LDAP Apache
For Apache versions earlier than 2.2, you need to install and load a module called mod_auth_ldap. From Apache 2.2 onwards this module was rewritten and became mod_authnz_ldap.
Once you have the required module loaded, here's a .htaccess example for Apache 2.2:
 AuthName "LDAP Auth Example"
 AuthType Basic
 AuthBasicProvider ldap
 AuthLDAPURL ldap://yourzimbraserver:389/ou=people,dc=yourdomain,dc=com?uid?sub?(objectClass=organizationalPerson)
 AuthLDAPBindDN uid=zimbra,cn=admins,cn=zimbra
 AuthLDAPBindPassword yourldappassword
 require valid-user
The first part, "yourzimbraserver", is the address of your Zimbra server running LDAP.
The second part, "dc=yourdomain,dc=com", is the domain and domain extension you would like to authenticate against.
If you want users to enter their Zimbra e-mail address instead of their user ID, change "?uid" to "?mail" in the AuthLDAPURL directive.
If you have Apache 2.0, "AuthBasicProvider ldap" doesn't work. Change it to "AuthLDAPEnabled on" instead.
As of ZCS 6.0, anonymous LDAP bind is disabled by default for new installs. After an upgrade from v5 to v6, anonymous LDAP bind is still enabled, so you can dispense with the "AuthLDAPBindDN" and "AuthLDAPBindPassword" directives. See bug 15378, comment #39 (http://bugzilla.zimbra.com/show_bug.cgi?id=15378#c39) for further information.
You can limit access to certain users by changing the require directive to:
require user user@example.com
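The AuthLDAPURL parts described above can be checked mechanically before a .htaccess is deployed. The following Python sketch is an added example, not part of the original article or of Zimbra/Apache code: it splits the URL into host, port, base DN, attribute, scope and filter, then reports whether the file itself requests an encrypted LDAP connection and whether it depends on anonymous bind. The function names are hypothetical, and it assumes a single host with no IPv6 literal; the defaults and the optional mode token follow mod_authnz_ldap's documented AuthLDAPURL syntax.

```python
import shlex

TLS_MODES = {"SSL", "TLS", "STARTTLS"}  # optional mode token after the URL

def parse_auth_ldap_url(value):
    """Split 'scheme://host[:port]/basedn?attribute?scope?filter [MODE]'."""
    tokens = shlex.split(value)
    mode = tokens[1].upper() if len(tokens) > 1 else "NONE"
    scheme, sep, rest = tokens[0].partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    basedn, attr, scope, flt = (tail.split("?", 3) + [""] * 3)[:4]
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "basedn": basedn,
        "attribute": attr or "uid",          # module default when omitted
        "scope": scope or "sub",             # module default when omitted
        "filter": flt or "(objectClass=*)",  # module default when omitted
        "encrypted": scheme == "ldaps" or mode in TLS_MODES,
    }

def audit_htaccess(text):
    """Return (parsed AuthLDAPURL, findings) for one .htaccess body."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    parsed = parse_auth_ldap_url(directives["authldapurl"])
    findings = []
    if not parsed["encrypted"]:
        findings.append("no TLS in this file: unless LDAPTrustedMode is set "
                        "server-wide, passwords reach LDAP in cleartext")
    if "authldapbinddn" not in directives:
        findings.append("no AuthLDAPBindDN: the search needs anonymous bind")
    return parsed, findings

# Constructed sample: the LDAP directives from this page, placeholders unchanged.
SAMPLE = """AuthLDAPURL ldap://yourzimbraserver:389/ou=people,dc=yourdomain,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthLDAPBindDN uid=zimbra,cn=admins,cn=zimbra
AuthLDAPBindPassword yourldappassword
require valid-user"""

if __name__ == "__main__":
    print(*audit_htaccess(SAMPLE)[1], sep="\n")
```

The check reads only the .htaccess, so a TLS mode set in the main server configuration is not visible to it.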
Performance
You may consider installing mod_ldap to cache your LDAP connections.
Single Login
You can then use Preauth to do single sign on (sort of).