1

I am trying to set up LDAP authentication with Apache.

Group Information:

ldapsearch -x -h ldap-corporate -b "o=example.com,c=us" "cn=Security "

dn: cn=Security , ou=lm8100, o=example.com, c=US 
businessCategory: secadm 
cn: Security 
objectClass: groupOfUniqueNames 
objectClass: epicGroup 
objectClass: top 
uniqueMember: cn=Kim Ldaf + uid=CLKM9876,ou=lm8100,o=example.com,c=US   
uniqueMember: cn=HLK MNOIL+uid=DKL06, ou=lm8100,o=example.com,c=us    
uniqueMember: cn=TREKS DNKO+uid=RIK02, ou=lm8100,o=example.com,c=US

This is my configuration. It accepts all valid LDAP users, but my requirement is to accept only valid users from that particular group:

AllowOverride None
Order deny,allow 
Allow from all 
AuthType Basic 
AuthName "Protected" 
Require valid-user
AuthBasicAuthoritative Off 
AuthzLDAPAuthoritative Off 
AuthBasicProvider ldap 
AuthLDAPUrl ldap://HOST/o=example.com,c=us?uid?sub 
Require ldap-group cn=SC HelpDesk,o=example.com,c=US
HBruijn
user374374

2 Answers

1

You have both

Require valid-user
Require ldap-group cn=SC HelpDesk,o=example.com,c=US

As per the examples, you should have only

Require ldap-group cn=SC HelpDesk,o=example.com,c=US
84104
  • If I am not keeping Require valid-user, none of the users are able to log in. In some examples I saw both, so I kept both. – user374374 Sep 08 '16 at 00:58
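
The group-only setup the answer above describes, written out as an added example (not part of the original posts) in the Apache 2.2 syntax the question uses. The directory path is hypothetical, and the group DN is assumed to be the cn=Security entry from the question's ldapsearch output, with the spaces after the commas dropped.

```apache
# Added example, Apache 2.2 syntax (mod_authnz_ldap).
# "/var/www/protected" is a hypothetical path.
<Directory "/var/www/protected">
    AllowOverride None
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "Protected"
    AuthBasicProvider ldap
    AuthLDAPUrl ldap://HOST/o=example.com,c=us?uid?sub

    # AuthBasicAuthoritative and AuthzLDAPAuthoritative are left at their
    # default (On), so a failed LDAP check is final instead of being
    # handed on to other modules.

    # The group entry is a groupOfUniqueNames, so its members are listed in
    # uniqueMember. mod_authnz_ldap checks member and uniqueMember by
    # default; naming the attribute makes the intent explicit.
    AuthLDAPGroupAttribute uniqueMember

    # uniqueMember values are full DNs, so the user's DN (found through the
    # AuthLDAPUrl search) is what gets compared. This is the default.
    AuthLDAPGroupAttributeIsDN on

    # The only authorization rule. "Require valid-user" is left out: any
    # satisfied Require line grants access, so it would admit every user
    # who can authenticate, whatever the group check says.
    # Assumption: the DN below is the group entry's own DN as returned by
    # ldapsearch (dn: cn=Security, ou=lm8100, o=example.com, c=US).
    Require ldap-group cn=Security,ou=lm8100,o=example.com,c=US
</Directory>
```

If every login is refused with this in place, raising LogLevel to debug makes mod_authnz_ldap write the bind DN it found and the result of the group comparison to the error log.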
0

Use this directive to match the LDAP DN and then authenticate it.

Grant access if there is a Require ldap-dn directive, and the DN in the directive matches the DN fetched from the LDAP directory.