LDAP Apache: Difference between revisions

mNo edit summary
No edit summary
 
(7 intermediate revisions by 6 users not shown)
Line 1: Line 1:
=LDAP Apache=
{{Archive}}=LDAP Apache=


Very simple, install mod_auth_ldap, and then install a .htaccess file that looks like this:
For Apache versions < 2.2, then you need to install and load a module called mod_auth_ldap. For Apache 2.2 onwards this module was rewritten and became mod_authnz_ldap.


    AuthType Basic
Once you have the required module loaded, here's a .htaccess example for Apache 2.2:
    AuthName DDInternal
    AuthLDAPURL ldap://yourzimbraserver/dc=zimbra,dc=yourdomain,dc=com,dc=au
    require valid-user


The first part "ytourzimbraserver" is the address of your Zimbra server running LDAP.
AuthName "LDAP Auth Example"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://yourzimbraserver:389/ou=people,dc=yourdomain,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthLDAPBindDN uid=zimbra,cn=admins,cn=zimbra
AuthLDAPBindPassword yourldappassword
require valid-user


The second part "dc=zimbra,dc=yourdomain,dc=com,dc=au" is the domain you would like to authenticate against.
The first part of "yourzimbraserver" is the address of your Zimbra server running LDAP.


==Other Domains==
The second part "dc=yourdomain,dc=com" is the domain and domain extension you would like to authenticate against.


I am not sure at this stage if you can allow users from multiple domains. Ideally the login would be the same form as Zimbra login - ie: "user@domain"
If you want users to have to enter their Zimbra e-mail address instead of their user ID then change "?uid" to "?mail" in the AuthLDAPURL directive.
 
If you have Apache 2.0 then "AuthBasicProvider ldap" doesn't work. Change it to "AuthLDAPEnabled on" instead.
 
As of ZCS 6.0 anonymous LDAP bind was disabled by default for new installs. If upgrading from v5 to v6, anonymous LDAP bind is still enabled so you can dispense with the "AuthLDAPBindDN" and "AuthLDAPBindPassword" directives. See [http://bugzilla.zimbra.com/show_bug.cgi?id=15378#c39 bug 15378, comment #39] for further information.
 
You can limit the access to certain users by changing the require directive to:
require user user@example.com


==Performance==
==Performance==
Line 29: Line 39:
[[http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html]Apache mod_auth_ldap]
[[http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html]Apache mod_auth_ldap]


{{Article Footer|unknown|3/28/2006}}


 
[[Category:LDAP]]
[http://www.casino-theory.com/craps-rules/internet-craps-gambling.html internet craps gambling]
[http://www.magical-casino.com/casino_download.html Casino Downloading Action.]
[http://www.casino-games-wiki.com/index.php/play_casino_games_game play casino games game]
[http://www.gambling-online-theory.com/online-casino/bet-online-casino.html bet online casino]
[http://www.casinos-go.com/online-casino-tips/online-casino-games.html online casino games]
[http://www.slots-wiki.com/index.php/slots_online_bonus slots online bonus]
[http://www.magical-casino.com/strategy.html Online casino strategies.]
[http://www.gambling-online-theory.com/casinos-portal/best-casinos-online.html best casinos online]
[http://www.slots-wiki.com/index.php/slots_online slots online]
[http://www.magical-casino.com/online_bonus.html Bonuses in Online Casinos.]

Latest revision as of 18:11, 24 March 2015

LDAP Apache

For Apache versions < 2.2, then you need to install and load a module called mod_auth_ldap. For Apache 2.2 onwards this module was rewritten and became mod_authnz_ldap.

Once you have the required module loaded, here's a .htaccess example for Apache 2.2:

AuthName "LDAP Auth Example"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://yourzimbraserver:389/ou=people,dc=yourdomain,dc=com?uid?sub?(objectClass=organizationalPerson)
AuthLDAPBindDN uid=zimbra,cn=admins,cn=zimbra
AuthLDAPBindPassword yourldappassword
require valid-user

The first part of "yourzimbraserver" is the address of your Zimbra server running LDAP.

The second part "dc=yourdomain,dc=com" is the domain and domain extension you would like to authenticate against.

If you want users to have to enter their Zimbra e-mail address instead of their user ID then change "?uid" to "?mail" in the AuthLDAPURL directive.

If you have Apache 2.0 then "AuthBasicProvider ldap" doesn't work. Change it to "AuthLDAPEnabled on" instead.

As of ZCS 6.0 anonymous LDAP bind was disabled by default for new installs. If upgrading from v5 to v6, anonymous LDAP bind is still enabled so you can dispense with the "AuthLDAPBindDN" and "AuthLDAPBindPassword" directives. See bug 15378, comment #39 for further information.

You can limit the access to certain users by changing the require directive to:

require user user@example.com

Performance

You may consider installing mod_ldap to cache your LDAP connections.

Single Login

You can then use [[1]Preauth] to do single sign on (sort of).


References

[[2]Apache mod_auth_ldap]

Verified Against: unknown Date Created: 3/28/2006
Article ID: https://wiki.zimbra.com/index.php?title=LDAP_Apache Date Modified: 2015-03-24



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search