Hello,

How does LDAP know where to search for the user password provided by Apache?

Thanks!



On Tuesday, February 16, 2016 10:01 AM, Marc Patermann <hans.moser@ofd-z.niedersachsen.de> wrote:


Mary,

On 16.02.2016 at 14:56, Mary Kao wrote:
> I have very simple requirements for "users" e.g. representative of user
> accounts with userid and password.
A "user" for "authentication" in LDAP is mostly an object you can bind to.
The easiest way to bind to an LDAP server is "simple" bind, by which you
send the DN of the object and the password.
In this case the object has a password field - userpassword.

So choose an objectclass with userpassword - i.e. inetorgperson - and
create an object with this.

If you need a GUI try Apache Directory Studio.

Start from there.

> I have a web application which we are currently using Apache's htpasswd
> flat file database for userid's and password.  We'd like to be able to
> have Apache point to LDAP for user authentication from the web app.
Go for it! :)


> Any pointers how to get going in this direction would be greatly
> appreciated.

Apache HTTPd is very flexible in the use of LDAP.
https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html

To understand what AuthLDAPURL does, read about LDAP filters.

What Apache does is:
- do a search in your DIT to find the user object in AuthLDAPURL
  and get the DN
- bind with the DN and given password

For information about how to set up OpenLDAP in general, read the
OpenLDAP Admin Guide.
For how to set up on your favorite Linux distribution, check the
documentation there.


Marc
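
The search step described in the reply above, as an added example that is not part of the thread and is not Apache's own code: it splits an AuthLDAPURL value into the base DN, attribute, scope and filter, then builds the `(&(filter)(attribute=username))` search that locates the user's DN before the bind. The host name, DIT layout and user names are constructed, and rejecting an empty password is this sketch's own precaution (a simple bind with a DN and an empty password is an unauthenticated bind that some servers accept).

```python
from urllib.parse import urlsplit, unquote

# Constructed sample value in the AuthLDAPURL form: ldap://host:port/basedn?attribute?scope?filter
SAMPLE_URL = "ldap://ldap.example.com/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"

def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL value into the parts that drive the user search."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    # Everything after the first '?' is attribute?scope?filter; missing fields use defaults.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attribute, scope, flt = (unquote(f) for f in fields)
    return {
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),   # where the search starts
        "attribute": attribute.split(",")[0] or "uid",  # first attribute is matched against the login name
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so user input stays a literal value."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def build_search(url, username, password):
    """Return the search parameters used to find the DN that is then bound with the password."""
    if not username or not password:
        # Precaution of this sketch: never attempt a bind with an empty password.
        raise ValueError("username and password are required")
    cfg = parse_auth_ldap_url(url)
    cfg["search_filter"] = "(&%s(%s=%s))" % (
        cfg["filter"], cfg["attribute"], escape_filter_value(username))
    return cfg

if __name__ == "__main__":
    plan = build_search(SAMPLE_URL, "mkao", "constructed-password")
    print("search base  :", plan["base_dn"])
    print("search scope :", plan["scope"])
    print("search filter:", plan["search_filter"])
    print("next step    : simple bind as the DN the search returns, with the supplied password")
```

The password never appears in the search; it is only used in the bind against the DN that the search returns, which is why the server needs no hint about where the `userPassword` value lives beyond the base DN and filter.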