Centaur - Apache configuration

Certificates

For information regarding certificates see the OpenLDAP configuration page.

Apache mod_auth_ldap

Using the Apache module mod_auth_ldap it is possible to use LDAP authentication to restrict access to all or parts of a website. The following is a sample configuration exerpt for an Apache (version 2 to 2.2.1) webserver on Redhat EL4.

# Load LDAP related modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

# Set location and type of CA certificate
LDAPTrustedCA /etc/openldap/cacerts/centaurCA.cert
LDAPTrustedCAType BASE64_FILE

# Restrict access to /restricted URL using LDAP authentication
<Location /restricted>
   AuthLDAPAuthoritative on
   AuthLDAPEnabled on
   AuthType Basic
   AuthName "Restricted"
   AuthLDAPURL "ldaps://centaur.unimelb.edu.au:636/ou=people,o=unimelb?uid?sub?(objectClass=*)"
   require valid-user
</Location>

For Apache 2.2.2 onwards,

LDAPTrustedGlobalCert CA_BASE64 /servers/http/tmp_cert/centaurCA.cert
AuthLDAPUrl "ldaps://centaur.unimelb.edu.au:636/ou=people,o=unimelb?uid?sub?(objectClass=*)"
AuthName "Academic Associate Profiles2"
AuthType Basic
AuthBasicProvider ldap
Require valid-user
AuthzLDAPAuthoritative Off