Apache LDAP Authentication

For Apache 1.3.x, I used this module:


Built with (on redhat.inside... insert the appropriate apxs where needed):

sudo /usr/local/apps-sm-httpd/bin/apxs -I/usr/local/include -L/usr/local/lib -lldap -llber -i -a -c mod_auth_ldap.c

In the httpd.conf file (or a conf.d file), make sure that AllowOverride is set so that .htaccess files are parsed.

In the directory you want to control access to, create this .htaccess file:

AuthName "Whatever"
AuthType Basic
AuthLDAPAuthoritative on
Bind_DN "CN=LDAPQueryUser,OU=Service Accounts, OU=User Containers, DC=work,DC=com"
Bind_Pass blahblahblah
LDAP_Server 10.0.0.whatever
LDAP_Port 389
Base_DN "OU=User Containers,DC=work,DC=com"
UID_Attr sAMAccountName
Require valid-user

Restart Apache, and it should work.

For Apache 2.x, download this module:


Build with './configure --with-apxs=/location/of/apxs'.
(I had to give some different CPPFLAGS=-I/location/of/include/files if I got errors on make)
make && make install

Make sure you have the appropriate LoadModule lines and an AllowOverride setting that permits .htaccess files, then create this .htaccess file:

AuthLDAPAuthoritative on
AuthType Basic
AuthName "Whatever"
AuthLDAPBindDN "CN=LDAPQueryUser,OU=Service Accounts, OU=User Containers, DC=work,dc=com"
AuthLDAPBindPassword blahblah
AuthLDAPURL "ldap:// Containers,DC=work,dc=com?sAMAccountName?sub?(objectclass=*)"
Require valid-user

Restart Apache, and it should work.
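
An added check, not part of the original page or of either module: this Python function audits an .htaccess file like the two above for a bind password kept in a world-readable file, cleartext LDAP (ldap:// or port 389), and Basic auth without SSLRequireSSL. The finding labels, the placeholder host and the tightened sample file are assumptions, as is the module accepting ldaps:// URLs the way Apache's bundled LDAP auth modules do.

```python
import shlex
import stat

# Directive names are the ones used in the two .htaccess files on this page.
PASSWORD_DIRECTIVES = {"bind_pass", "authldapbindpassword"}

def parse_directives(text):
    """Map each lowercased directive name to its argument list."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = shlex.split(line)  # keeps a quoted DN as one argument
            directives[parts[0].lower()] = parts[1:]
    return directives

def first_arg(directives, name):
    return (directives.get(name) or [""])[0].lower()

def audit_htaccess(text, mode):
    """Return finding labels for an .htaccess body and its permission bits."""
    d = parse_directives(text)
    findings = []
    if d.keys() & PASSWORD_DIRECTIVES:
        findings.append("bind-password-in-file")
        if mode & stat.S_IROTH:  # any local account can read the secret
            findings.append("bind-password-world-readable")
    # ldap:// or port 389: bind and user passwords cross the network
    # unencrypted (StartTLS, if the module offers it, is not checked).
    if first_arg(d, "authldapurl").startswith("ldap://") or first_arg(d, "ldap_port") == "389":
        findings.append("cleartext-ldap")
    # Basic auth resends the password with every request; SSLRequireSSL
    # (mod_ssl) rejects requests that did not arrive over HTTPS.
    if first_arg(d, "authtype") == "basic" and "sslrequiressl" not in d:
        findings.append("basic-auth-without-sslrequiressl")
    return findings

# Constructed samples: directives from the 1.3.x file on this page, and a
# hypothetical tightened 2.x file (placeholder host, assumes ldaps:// works).
PAGE_13 = '''AuthType Basic
Bind_Pass blahblahblah
LDAP_Port 389
'''
TIGHTENED_2X = '''AuthType Basic
SSLRequireSSL
AuthLDAPBindPassword blahblah
AuthLDAPURL "ldaps://ldap.example.invalid/OU=User Containers,DC=work,dc=com?sAMAccountName?sub"
'''
if __name__ == "__main__":
    print(audit_htaccess(PAGE_13, 0o644), audit_htaccess(TIGHTENED_2X, 0o640))
```

To audit a real file, pass its contents and os.stat(path).st_mode. The remaining "bind-password-in-file" finding on the tightened sample is a reminder that the query account should have read-only directory rights.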