Wednesday, September 19, 2007

LDAP Authentication in Apache Directory Protection?

OpenLDAP is an open source implementation of the Lightweight Directory Access Protocol. It is read-optimized and is used to store user information for authentication purposes.

Once we have implemented password protection in Apache, a natural question arises:

Why create another password file?
Can't we use our existing authentication mechanism?

Yes, we can.

With some changes in .htaccess, we need not alter any settings in Apache's httpd.conf.

The following lines have been added to .htaccess to enable LDAP authentication and allow only certain users.

AuthType Basic
AuthName "Message which will appear in Login Window"
#AuthUserFile /usr/local/apache/passwd/passwd (Not needed anymore)
# Fake address
AuthLDAPURL ldap://linuxadmin.ofb.net:389/ou=people,o=ofb

require user "shailesh.mishra"
require user "tom"
require user "harry"


It is assumed that the LDAP server is running on linuxadmin.ofb.net (fake address) on port 389 with ou=people,o=ofb.

Although all these directives could have been written in httpd.conf itself, it's always a good idea not to fiddle with existing settings.
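Basic authentication sends the password with every request, and a plain ldap:// URL carries the bind to the directory unencrypted, so both hops need TLS. The following .htaccess is an added example, not part of the original post: it assumes Apache 2.4 with mod_authnz_ldap, mod_ldap and mod_ssl loaded, a directory server that supports STARTTLS, and users identified by the uid attribute; the host and base DN reuse the post's fake values.

```apache
# Added example (not from the original post). Assumes Apache 2.4 with
# mod_authnz_ldap, mod_ldap and mod_ssl; host and base DN are the post's
# fake values; the uid attribute and the filter are assumptions.

# Refuse any request that did not arrive over HTTPS, so the Basic
# credentials are never sent in the clear between browser and Apache.
SSLRequireSSL

AuthType Basic
AuthName "Message which will appear in Login Window"

# Hand password verification to mod_authnz_ldap instead of a password file.
AuthBasicProvider ldap

# URL format: ldap://host:port/basedn?attribute?scope?filter
# The trailing STARTTLS upgrades the connection on port 389 to TLS before
# the search and bind, so the password is encrypted on the way to the
# directory as well. The CA used to verify the LDAP server certificate is
# set in the main server configuration (LDAPTrustedGlobalCert), not here.
AuthLDAPURL "ldap://linuxadmin.ofb.net:389/ou=people,o=ofb?uid?sub?(objectClass=person)" STARTTLS

# Authorize only these uid values; any other directory user who
# authenticates successfully is still denied access.
Require ldap-user shailesh.mishra tom harry
```

These directives are honoured in .htaccess only when the enclosing directory has AllowOverride AuthConfig set in the server configuration.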
