Apache 2.4 LDAP group authentication on Debian 9 Stretch


site configuration

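# Verify the domain controller's certificate on the ldaps:// connection.
# With verification off, a host that can intercept traffic to dc1 can pose as
# the directory and receive the bind password and every user's Basic-auth
# password. mod_ldap has to trust the CA that issued the DC certificate; if the
# system LDAP client configuration does not already trust it, name the CA
# explicitly (placeholder path, replace it before enabling the line):
#LDAPTrustedGlobalCert CA_BASE64 /path/to/PLACEHOLDER-dc-issuing-ca.pem
LDAPVerifyServerCert On
<VirtualHost *:443>
  ServerName name

  # NOTE(review): "/" as DocumentRoot, combined with Indexes and FollowSymLinks
  # below, publishes every file the Apache user can read to any member of the
  # allowed group. Point both DocumentRoot and <Directory> at the actual
  # content directory.
  DocumentRoot "/"

  <Directory "/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    # Basic auth sends the password on every request; this vhost is TLS-only,
    # which is what keeps it off the wire in clear text.
    AuthType Basic
    AuthName "AD authentication"
    AuthBasicProvider ldap
    # Group membership is read from the group's "member" attribute, whose
    # values are full user DNs.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN On
    # Search the CN=Users subtree and match the login name against
    # sAMAccountName.
    AuthLDAPURL ldaps://dc1/CN=Users,DC=dc1,DC=com?sAMAccountName?sub?(objectClass=*)
    # Service account used for the search. Give it read-only directory rights
    # and nothing else.
    AuthLDAPBindDN 'CN=apachebinduser,OU=Special Users,DC=dc1,DC=com'
    # The bind password is stored in clear text here: keep this file readable
    # by root only, or use the "exec:" form of AuthLDAPBindPassword so the
    # secret is fetched by a program instead of living in the config.
    AuthLDAPBindPassword password
    ErrorDocument 401 "Wrong credentials!<br>"
    # Only members of this group are authorized.
    Require ldap-group CN=usergroup,CN=Users,DC=dc1,DC=com
    #LogLevel debug
  </Directory>


  ## Logging
  ErrorLog "/var/log/apache2/error_ssl.log"
  ServerSignature Off
  CustomLog "/var/log/apache2/access_ssl.log" combined

  ## SSL directives
  SSLEngine on
  # Certificate and private key live in the same PEM file here; that file must
  # not be readable by anyone but root.
  SSLCertificateFile      "name.pem"
  SSLCertificateKeyFile   "name.pem"
  SSLCACertificatePath    "/etc/ssl/certs"
</VirtualHost>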

Enable authnz_ldap and restart Apache2

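# Enable the LDAP authentication/authorization module.
a2enmod authnz_ldap
# Check the configuration before restarting, so a syntax error does not take
# the server down; the restart only runs if the check passes.
apache2ctl configtest && systemctl restart apache2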
