
The Apache mod_authnz_ldap AuthLDAPURL directive can have several LDAP URIs, as shown in the doc:

AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/dc=..."

However, if I need different bind information (AuthLDAPBindDN and AuthLDAPBindPassword) for the different LDAP servers, how can I achieve this? It seems there can be only one of each. Also, how can I match a password with an LDAP URI?

azmeuk

1 Answer


The solution is to use the AuthnProviderAlias directive.

<AuthnProviderAlias ldap ldap-alias1>
    AuthLDAPBindDN cn=youruser,o=ctx
    AuthLDAPBindPassword yourpassword
    AuthLDAPURL ldap://ldap.host/o=ctx
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-other-alias>
    AuthLDAPBindDN cn=yourotheruser,o=dev
    AuthLDAPBindPassword yourotherpassword
    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
</AuthnProviderAlias>

Alias "/secure" "/webpages/secure"
<Directory "/webpages/secure">
    AuthBasicProvider ldap-other-alias ldap-alias1
    AuthType Basic
    AuthName "LDAP Protected Place"
    Require valid-user
</Directory>
azmeuk
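
A hardened variant of the configuration in the answer above, added here as an example and not part of the original answer: each alias keeps its own bind identity, but the bind passwords are no longer stored inline and all LDAP traffic uses TLS. Assumptions: httpd 2.4.5 or later with mod_ldap and mod_ssl loaded; the certificate path and the two password helper scripts are placeholders.

```apache
# Added example. Host names, DNs and alias names are taken from the answer;
# every file path below is a placeholder.

# mod_ldap (server config): CA used to validate the directory servers' certificates.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ldap-ca.pem
# Refuse servers whose certificate does not validate (the default, stated explicitly).
LDAPVerifyServerCert On

<AuthnProviderAlias ldap ldap-alias1>
    AuthLDAPBindDN "cn=youruser,o=ctx"
    # exec: runs the program and uses the first line of its output as the password,
    # so the secret is not readable from the configuration file itself.
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-alias1-bindpw"
    # ldaps:// keeps both the service bind and the user's bind off the wire in clear text.
    AuthLDAPURL "ldaps://ldap.host/o=ctx"
</AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-other-alias>
    AuthLDAPBindDN "cn=yourotheruser,o=dev"
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-other-bindpw"
    AuthLDAPURL "ldaps://other.ldap.host/o=dev?cn"
    # By default, a user who is found in this directory but fails the bind is rejected
    # without the next provider being tried. Turn this off only when the same login
    # name can legitimately exist in both directories.
    AuthLDAPBindAuthoritative off
</AuthnProviderAlias>

Alias "/secure" "/webpages/secure"
<Directory "/webpages/secure">
    # Basic authentication only base64-encodes the credentials: refuse plain HTTP.
    SSLRequireSSL
    AuthType Basic
    AuthName "LDAP Protected Place"
    # Providers are consulted in the order listed.
    AuthBasicProvider ldap-other-alias ldap-alias1
    Require valid-user
</Directory>
```

Run `apachectl configtest` after the change; a helper script that fails or prints nothing leaves that alias without a usable bind password.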