3

I'm trying to set up an Apache proxy which also does LDAP Basic Auth:

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ProxyPass               /        http://localhost:8080/ nocanon
                ProxyPassReverse        /        http://localhost:8080/
                ProxyPreserveHost       On

                ProxyRequests           Off
                AllowEncodedSlashes     NoDecode
                RequestHeader set X-Forwarded-Proto "https"
                RequestHeader set X-Forwarded-Port "443"

                <Location />
                        AuthType Basic
                        AuthName "LDAP Login for access"
                        AuthBasicProvider ldap
                        AuthLDAPBindDN USER@DOMAIN
                        AuthLDAPBindPassword PASSWORD
                        AuthLDAPURL ldaps://FQDN:636/CN=..,OU=..?uid?sub
                        Require valid-user
                </Location>
        </VirtualHost>
    </IfModule>

The ProxyPass is working without the AuthType Basic part; however, if combined, the Basic Auth asks for credentials, and then the server throws a 500 error, without logging a thing to its error.log.

Am I missing something?

embedded

1 Answer

2

This configuration worked for me:

    <Location />
            AuthType Basic
            AuthName "LDAP Login"
            AuthBasicProvider ldap
            AuthLDAPBindDN USER@DOMAIN
            AuthLDAPBindPassword PASSWORD
            AuthLDAPURL ldap://IP:PORT/OU=...,DC=...,DC=...,DC=intern?uid?sub
            Require ldap-group CN=...,OU=...,OU=...,OU=...,DC=...,DC=...,DC=intern
            Require valid-user
    </Location>

    ProxyPass               /        http://localhost:8080/ nocanon
    ProxyPassReverse        /        http://localhost:8080/
    ProxyPreserveHost       On

    ProxyRequests           Off
    AllowEncodedSlashes     NoDecode
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

It seems that the order of the commands is relevant.

embedded
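A small lint for the kind of `<Location>` block posted in this answer, as an added example that is not part of the original post and not Apache project code. It flags three things a reviewer would check: `Require valid-user` next to `Require ldap-group` outside `<RequireAll>` (multiple `Require` lines are OR-ed, so any authenticated user passes), an `ldap://` URL with no SSL/TLS/STARTTLS mode, and a literal `AuthLDAPBindPassword` instead of the `exec:` form. The function names, finding codes and sample text are constructed here.

```python
import re

# Constructed sample: the answer's <Location> block, placeholders as posted.
SAMPLE = """\
<Location />
    AuthLDAPBindDN USER@DOMAIN
    AuthLDAPBindPassword PASSWORD
    AuthLDAPURL ldap://IP:PORT/OU=...,DC=intern?uid?sub
    Require ldap-group CN=...,DC=intern
    Require valid-user
</Location>
"""

def _check_requires(section, requires, findings):
    # Require lines outside <RequireAll> are OR-ed (implicit <RequireAny>),
    # so valid-user admits every account that can authenticate.
    kinds = [r.split()[0].lower() for r in requires if r.split()]
    if (section != "requireall" and "valid-user" in kinds
            and any(k.startswith("ldap-") for k in kinds)):
        findings.append(("GROUP_BYPASS", f"valid-user voids ldap-* in <{section}>"))

def lint_ldap_auth(conf):
    """Return (code, message) findings for Apache configuration text."""
    findings, stack = [], [("top-level", [])]
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)", line)
        if tag and tag.group(1):              # closing tag: evaluate section
            if len(stack) > 1:
                _check_requires(*stack.pop(), findings)
        elif tag:                             # opening tag: start new section
            stack.append((tag.group(2).lower(), []))
        else:
            name, args = re.match(r"(\S+)\s*(.*)", line).groups()
            name = name.lower()
            if name == "require":
                stack[-1][1].append(args)
            elif name == "authldapurl":
                url, mode = (args.replace('"', " ").split() + ["", ""])[:2]
                # Assumes no LDAPTrustedMode elsewhere upgrades the connection.
                if (url.lower().startswith("ldap://")
                        and mode.upper() not in ("SSL", "TLS", "STARTTLS")):
                    findings.append(("CLEARTEXT_LDAP", "ldap:// without TLS mode"))
            elif name == "authldapbindpassword" and not args.startswith("exec:"):
                findings.append(("INLINE_BIND_PASSWORD", "bind password literal in config"))
    while stack:                              # sections never closed in input
        _check_requires(*stack.pop(), findings)
    return findings
```

Calling `lint_ldap_auth(SAMPLE)` reports all three findings for the posted block; wrapping both `Require` lines in `<RequireAll>`, switching to `ldaps://` and using an `exec:` bind password clears them.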