Sorry.. but I'm a newbie...
As far as I understand Apache does not use "/etc/ldap/ldap.conf" or
whatever.
You specify all settings in your httpd.conf or vhost configuration like:
<Location /your_auth_required_location>
AuthType Basic
AuthName "Authentication required">
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPBindDN cn=Manager,dc=domain
AuthLDAPBindPassword <Manager_pass>
AuthLDAPURL "ldap://ldapserver.domain"
Require user username
Require ldap-group dn_of_group
</Location>
For each "sub" location... just need to specify the group or users you
allow with:
<Location /whatever>
Require user username
Require ldap-group dn_of_other_group
</Location>
Remeber users and groups are "ORed", not AND'ed.
Hope this helps you.
Tx,
Saxa
On 14/04/14 20:09, Lee Burke wrote:
Question – how to configure Apache to find
a custom ldap conf file.
I am using Apache 2.2.12 on Suse linux 11
patchset 2, with PHP 5.2.14.
I want to create a custom ldap.conf file
for use by Apache for user authentication via a remote system.
I can't put my config info in
/etc/openssl/ldap.conf or /etc/ldap.conf -- it's a long
story.
But, I could create my own
/etc/openldap/apache_ldap.conf.
The question is -- Where in Apache (and
maybe PHP) can I tell Apache to look for and use the settings
in my custom apache_ldap.conf ?
My custom ldap conf file would include
things like TLS_REQCERT, uri and base.
Lee Burke
Lead Systems Engineer
GPDS Innovation
lee.bu...@gm.com
C 586.359.9417
![](jpgraLLk9nk0K.jpg)
Nothing in this message is intended to constitute an electronic
signature unless a specific statement to the contrary is included
in this message.
Confidentiality Note: This message is intended only for the person
or entity to which it is addressed. It may contain confidential
and/or privileged material. Any review, transmission,
dissemination or other use, or taking of any action in reliance
upon this message by persons or entities other than the intended
recipient is prohibited and may be unlawful. If you received this
message in error, please contact the sender and delete it from
your computer.
|