Open LDAP for Apache on Debian Etch
Recently Debian Etch changed the LDAP auth package to authnz_ldap. Below are the steps you need to take when upgrading or doing a new install. Goal: make the directory /spot/ require a user name and password, using a central LDAP server.
First make sure you have the module, authnz_ldap. I'm using Debian, so it's here. This should come when you download the apache2-common deb.
ls -l /etc/apache2/mods-available/authnz_ldap.load
Now make sure it's linked in. Again, with Debian this just requires a soft link; other distros will need to make conf changes to their httpd.conf.
ln -s /etc/apache2/mods-available/authnz_ldap.load /etc/apache2/mods-enabled/authnz_ldap.load
Now we need to change the directory settings. Check out AuthLDAPURL for the official documentation. Basically, AuthLDAPURL specifies the LDAP server. What to search on is specified by the require line. In addition, the directory is the root of the tree to search. So with this configuration, when I type "family" as the user, it will search for uid=family,ou=people,dc=example,dc=org
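# Trailing slash on both sides, so /spot/x maps to /my/special/spot/x
Alias "/spot/" /my/special/spot/
<Directory /my/special/spot>
    AuthType basic
    AuthName "Access to Wiki"
    AuthBasicProvider ldap
    # Left commented out, so the search uses an anonymous bind
    #AuthLDAPBindDN cn=admin,dc=example,dc=org
    #AuthLDAPBindPassword myveryinsecureldappassword
    # LDAP server and the base DN to search under
    AuthLDAPURL ldap://localhost/ou=people,dc=example,dc=org
    AuthLDAPRemoteUserIsDN off
    # Any entry that has a uid attribute is authorized
    require ldap-filter &(uid=*)
</Directory>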
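To see which search the AuthLDAPURL in the configuration above implies for a given login, here is an added example (not from the original page, and not Apache's own code). It applies the defaults given in the mod_authnz_ldap documentation (attribute uid, scope sub, filter (objectClass=*)) and combines the filter with the login name. The function names are hypothetical, and the RFC 4515 escaping of the login name is this example's choice.

```python
# Added example: derive the search that an AuthLDAPURL implies for a login.
# Function names are hypothetical; this is not Apache's own code.

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# RFC 4515 escapes for characters that are special in a filter value.
ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the filter's structure."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter with defaults."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    fields = tail.split("?") + ["", "", ""]
    base, attrs, scope, flt = fields[:4]
    return {
        "host": host or "localhost",
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base": base,
        # Only the first attribute of a comma-separated list is used.
        "attribute": attrs.split(",")[0] or "uid",
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }


def search_for(url, username):
    """Return base, scope and combined filter for one login attempt."""
    cfg = parse_auth_ldap_url(url)
    user = "(%s=%s)" % (cfg["attribute"], escape_filter_value(username))
    return cfg["base"], cfg["scope"], "(&%s%s)" % (cfg["filter"], user)


if __name__ == "__main__":
    page_url = "ldap://localhost/ou=people,dc=example,dc=org"  # from the page
    for login in ("family", "fam(ily)*"):  # second login is constructed
        print(login, "->", search_for(page_url, login))
```

The base, scope and filter it returns can be passed to ldapsearch (-b, -s and the filter argument) to check what the directory returns for a login before testing through Apache.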
The usernames and passwords are stored in LDAP. See Installing Open LDAP to get that set up.
Once again, restart Apache:
sudo /usr/sbin/apache2ctl graceful
All done. Test it out!