Should anyone ask, I now have LDAP authentication working in Apache 2

It was not nice.

AuthType Basic
AuthName "Imaginator username and password"
AuthBasicProvider ldap
AuthzLDAPAuthoritative On
AuthLDAPURL ldaps://,dc=com?uid?sub
AuthLDAPBindDN "cn=nss,ou=auth,dc=imaginator,dc=com"
AuthLDAPBindPassword "**********"
AuthLDAPGroupAttribute memberUid
require ldap-group cn=buddycloud-corp,ou=groups,dc=imaginator,dc=com

So it sort of works. But what I would really like is for a way to authenticate on POSIX groups which have a memberUid which is something like:

memberUID: simon


AuthLDAPGroupAttributeIsDN off is the magic bit! This forces a filter on the uid rather than the full DN. LDAP as always Rocks!
rather than doing a

memberUid: cn=Simon Tennant,ou=People,dc=imaginator,dc=com


Related Articles


Powered by Blogger.

Follow by Email

Should anyone ask, on building strong teams

My thinking about building strong teams My work goal is: work with smart people, on interesting problems, that improve our lives. So I start...