As part of our internal office systems upgrade we have a shiny new LDAP server which we like to use as much as possible. One of the things we use it for is Apache user auth, mainly we control SVN with it so people can only commit to the projects they’re allowed to but we also use it so secure our system’s services from the developers that like to play wannabe sysadmin!
Unfortunately we are running several different flavors of Ubuntu in the office with slightly different Apache2 versions and thus LDAP requirements!
Ubuntu Dapper Drake (Apache 2.0)
AuthType basic
AuthName "BackupPC admin"
AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
AuthLDAPGroupAttributeIsDN off
AuthLDAPEnabled on
Require group cn=systems,ou=groups,dc=domain,dc=com
AuthLDAPGroupAttribute memberUid
Ubuntu Feisty Fawn (Apache 2.22)
AuthType Basic
AuthName "SVN Repository"
AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
AuthzLDAPAuthoritative On
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=developers,ou=groups,dc=domain,dc=com
Obviously you have to make sure you have the right LDAP modules enabled for each version of Apache2 but that’s all that is required to force Apache2 to authenticate against an LDAP group!