How to authenticate against an OpenLDAP server, in Apache.
Since we’re sending credentials, we want everything to be over https, so everything here is in the /etc/httpd/conf.d/ssl.conf file. I’m calling the openldap system, liberty.example.com and the system running the webserver, wishbone.example.com. The url for the site is then https://wishbone.example.com.
Right after SSL Global Context, add this line:
LDAPTrustedGlobalCert CA_BASE64 /opt/certs/ldap-server.pem
(This file is the certificate for your openldap system. It’s self-signed and a CA as well.)
Make a self-signed certificate for wishbone that you’ll use for https. If you use the Makefile, both your certificate and key will be in the same file.
SSLCertificateFile /etc/pki/tls/certs/wishbone.pem
SSLCertificateKeyFile /etc/pki/tls/certs/wishbone.pem
At the end of the file, just before the </VirtualHost>, add the following:
LDAPTrustedClientCert CERT_BASE64 /opt/certs/ldap-server.pem
LDAPTrustedMode SSL
<Directory /var/www/html>
    Order allow,deny
    Allow from all
</Directory>
<Location /login>
    AuthType Basic
    AuthName 'Account Info'
    AuthBasicProvider 'ldap'
    AuthLDAPURL 'ldaps://liberty.example.com:636/ou=people,dc=liberty,dc=example,dc=com?uid?one'
    AuthzLDAPAuthoritative off
    Require valid-user
</Location>
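As an added example (my own helper, not part of Apache or this post), here is a small Python script that parses the AuthLDAPURL form used above (scheme://host[:port]/basedn?attribute?scope?filter), applies mod_authnz_ldap's defaults, builds the user-lookup filter the module sends, and flags a URL whose simple bind would send the password in the clear. Function and field names are my own.

```python
from dataclasses import dataclass
from urllib.parse import unquote

# Hypothetical helper written for this page, not part of Apache httpd.
# AuthLDAPURL form: scheme://host[:port]/basedn?attribute?scope?filter
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    base_dn: str
    attribute: str
    scope: str
    filter: str

def parse_auth_ldap_url(url: str) -> LdapUrl:
    """Split an AuthLDAPURL into its parts, applying mod_authnz_ldap's defaults."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("scheme must be ldap:// or ldaps://")
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    if not host:
        raise ValueError("missing LDAP host")
    parts = path.split("?")
    base_dn = unquote(parts[0])
    attribute = parts[1] if len(parts) > 1 and parts[1] else "uid"
    scope = parts[2] if len(parts) > 2 and parts[2] else "sub"
    if scope == "base":           # the module does not support base scope; it uses sub
        scope = "sub"
    if scope not in ("one", "sub"):
        raise ValueError(f"unsupported scope {scope!r}")
    filt = parts[3] if len(parts) > 3 and parts[3] else "(objectClass=*)"
    if not filt.startswith("("):  # a bare filter is wrapped in parentheses
        filt = f"({filt})"
    return LdapUrl(scheme, host, int(port) if port else DEFAULT_PORTS[scheme],
                   base_dn, attribute, scope, filt)

def user_search_filter(u: LdapUrl, username: str) -> str:
    """Filter used to find the user's DN: (&filter(attribute=user)).
    Filter metacharacters in the name are escaped (RFC 4515), as the module does."""
    esc = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    safe = "".join(esc.get(c, c) for c in username)
    return f"(&{u.filter}({u.attribute}={safe}))"

def bind_is_encrypted(u: LdapUrl, trusted_mode: str = "NONE") -> bool:
    """True when the simple bind carrying the user's password is protected in transit:
    an ldaps:// URL forces SSL; otherwise LDAPTrustedMode must be SSL or TLS (STARTTLS)."""
    return u.scheme == "ldaps" or trusted_mode.upper() in ("SSL", "TLS")
```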