LDAP & htaccess
From Superk
The following '''.htaccess''' file uses an LDAP server as its authentication source. It assumes that users are identified by the '''uid''' attribute and stored in the '''Users''' organizational unit. Change these values to suit your own directory.
The '''Allow from''' directive is an Apache directive that bypasses the restrictive '''Deny from all''' directive if the originating IP matches one of the IPs (or subnets) in the list. Separate IPs with a space.
The '''require user''' directive should contain a list of the specific '''uid'''s that are allowed to authenticate. This can be replaced with a '''require group''' directive if desired.
'''satisfy any''' first checks whether the originating IP matches the '''Allow from''' list and, if it does not, tries to authenticate the user. If authentication also fails, '''satisfy any''' fails and the host is denied access.
 AuthType Basic
 AuthName "Restricted Access"
 AuthLDAPURL ldap://ldapserver.example.com/ou=Users,dc=example,dc=com?uid?one
 AuthLDAPCompareDNOnServer on
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1 10.10.10. 111.111.111.111
 require user jdoe bjohnson frogers jshmoe
 satisfy any
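The access decision this file produces can be checked before deployment with a small model. The following Python is an added example, not part of the original page or of Apache's code; it assumes IPv4 entries only (no hostnames), and `parse_allow` and `decide` are hypothetical helper names.

```python
import ipaddress

# Values copied from the .htaccess file above.
ALLOW_FROM_LINE = "127.0.0.1 10.10.10. 111.111.111.111"
REQUIRE_USER = {"jdoe", "bjohnson", "frogers", "jshmoe"}


def parse_allow(token):
    """Convert one 'Allow from' token into an IPv4 network.

    Handles full addresses, CIDR or netmask forms, and partial
    addresses such as '10.10.10.' (treated as 10.10.10.0/24).
    """
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    octets = [o for o in token.split(".") if o]
    prefix = 8 * len(octets)
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{prefix}")


ALLOW_FROM = [parse_allow(t) for t in ALLOW_FROM_LINE.split()]


def decide(client_ip, ldap_user=None):
    """Model 'Satisfy any' with 'Order deny,allow' and 'Deny from all'.

    ldap_user is the uid whose password the LDAP server accepted,
    or None when no valid credentials were presented.
    """
    addr = ipaddress.ip_address(client_ip)
    # Address check: a match on the Allow list is enough on its own.
    if any(addr in net for net in ALLOW_FROM):
        return "allow-ip"
    # Otherwise the client must authenticate AND be listed in require user.
    if ldap_user is not None and ldap_user in REQUIRE_USER:
        return "allow-user"
    return "deny"


if __name__ == "__main__":
    # Constructed sample clients, for illustration only.
    for ip, user in [("10.10.10.77", None), ("10.10.11.5", None),
                     ("10.10.11.5", "jdoe"), ("10.10.11.5", "asmith")]:
        print(ip, user, "->", decide(ip, user))
```

Every address in 10.10.10.0/24 is admitted without a password prompt, and a directory user with a valid password who is not named in '''require user''' is still denied.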
See Also
- mod_auth_ldap - Apache 2.0 Documentation
