Should anyone ask, I now have LDAP authentication working in Apache 2

It was not nice.

AuthType Basic
AuthName "Imaginator username and password"
AuthBasicProvider ldap
AuthzLDAPAuthoritative On
AuthLDAPURL ldaps://ldap.imaginator.com/dc=imaginator,dc=com?uid?sub
AuthLDAPBindDN "cn=nss,ou=auth,dc=imaginator,dc=com"
AuthLDAPBindPassword "**********"
AuthLDAPGroupAttribute memberUid
require ldap-group cn=buddycloud-corp,ou=groups,dc=imaginator,dc=com



So it sort of works. But what I would really like is for a way to authenticate on POSIX groups which have a memberUid which is something like:

memberUID: simon

Update:

AuthLDAPGroupAttributeIsDN off is the magic bit! This forces a filter on the uid rather than the full DN. LDAP as always Rocks!
rather than doing a

memberUid: cn=Simon Tennant,ou=People,dc=imaginator,dc=com

Sigh.

Related Articles

search

Powered by Blogger.

Follow by Email

Should anyone ask, on building strong teams

My thinking about building strong teams My work goal is: work with smart people, on interesting problems, that improve our lives. So I start...