As part of our internal office systems upgrade we have a shiny new LDAP server, which we like to use as much as possible. One of the things we use it for is Apache user auth: mainly we control SVN with it so people can only commit to the projects they’re allowed to, but we also use it to secure our system’s services from the developers who like to play wannabe sysadmin!
Unfortunately we are running several different flavors of Ubuntu in the office with slightly different Apache2 versions and thus LDAP requirements!
Ubuntu Dapper Drake (Apache 2.0)
    AuthType basic
    AuthName "BackupPC admin"
    AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPEnabled on
    Require group cn=systems,ou=groups,dc=domain,dc=com
    AuthLDAPGroupAttribute memberUid
Ubuntu Feisty Fawn (Apache 2.22)
    AuthType Basic
    AuthName "SVN Repository"
    AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
    AuthzLDAPAuthoritative On
    AuthBasicProvider ldap
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=developers,ou=groups,dc=domain,dc=com
Obviously you have to make sure you have the right LDAP modules enabled for each version of Apache2, but that’s all that is required to force Apache2 to authenticate against an LDAP group!
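When a login fails against either config, it helps to reproduce by hand the two LDAP operations Apache performs: an anonymous search for the user, then a compare of the login name against the group's memberUid values. The script below is an added example, not part of the original post; it prints the matching OpenLDAP client commands (ldapsearch and ldapcompare, assumed to be installed) from an AuthLDAPUrl, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): print the two LDAP operations
# behind the configs above as OpenLDAP client commands for manual debugging.

# Split an AuthLDAPUrl (scheme://host[:port]/basedn?attribute?scope) into
# shell variables. Defaults follow the Apache docs: attribute uid, scope sub.
parse_auth_ldap_url() {
    scheme=${1%%://*}
    rest=${1#*://}
    hostport=${rest%%/*}
    query=${rest#*/}
    host=${hostport%%:*}
    port=389
    if [ "$scheme" = ldaps ]; then port=636; fi
    case $hostport in *:*) port=${hostport##*:} ;; esac
    base=${query%%\?*}
    attr=uid
    scope=sub
    case $query in
        *\?*\?*) tail=${query#*\?}; attr=${tail%%\?*}
                 tail=${tail#*\?};  scope=${tail%%\?*} ;;
        *\?*)    attr=${query#*\?} ;;
    esac
    [ -n "$attr" ] || attr=uid
}

# Refuse login names that would need LDAP filter escaping.
safe_user() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Step 1: the anonymous search that finds the user's entry (no bind DN is
# configured above, so -x without -D matches what Apache does).
user_search_cmd() {
    parse_auth_ldap_url "$1"
    safe_user "$2" || { echo "unsafe username" >&2; return 1; }
    printf "ldapsearch -x -H %s://%s:%s -b '%s' -s %s '(%s=%s)' dn\n" \
        "$scheme" "$host" "$port" "$base" "$scope" "$attr" "$2"
}

# Step 2: the group check. With AuthLDAPGroupAttribute memberUid and
# AuthLDAPGroupAttributeIsDN off, the login name (not the user's DN) is
# compared against the group entry.
group_check_cmd() {
    parse_auth_ldap_url "$1"
    safe_user "$3" || { echo "unsafe username" >&2; return 1; }
    printf "ldapcompare -x -H %s://%s:%s '%s' 'memberUid:%s'\n" \
        "$scheme" "$host" "$port" "$2" "$3"
}
```

Call `user_search_cmd` with the AuthLDAPUrl and a login name, and `group_check_cmd` with the AuthLDAPUrl, the group DN from the Require line and the same login name, then run the printed commands from the web server host.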