Title: Apache And Ldap Authentication
Description: pain in the _ss or piece of cake?


3monkeys - February 21, 2006 09:10 PM (GMT)
We're planning to implement LDAP authentication for Portal and need a shove in the right direction. We're on env 8.0.3 using apache 1.3.31 on an AIX server, all local. Have found about a half dozen apache modules which offer ldap compatibility. Finding the documentation that explains how to do it has been elusive. We haven't touched our Portal components since they were first installed so aren't sure how to add a new module and get it to use ldap as the auth method for Portal. Anybody have some good instructions or a helpful website? Not sure if this is really easy or a royal pain. Any insights appreciated.

-GW

Phil Feller - February 22, 2006 01:50 PM (GMT)
I would say that it is easy, but it all depends on how familiar you are with doing LDAP queries and with where to find authentication data in your LDAP server. In my experience, lack of LDAP knowledge causes the biggest problems for people trying to configure a server for authentication. If you have little LDAP experience, you should read up on the basics and get an LDAP client (such as the freeware version of Softerra's LDAP Browser: http://www.ldapbrowser.com/) to explore your LDAP schema and try out queries.

Adding modules to Apache is easy. Your httpd.conf file has plenty of examples that you could copy, because of all the modules that are included by default. The Apache documentation at http://httpd.apache.org/docs/1.3/configuring.html#modules (and the links to documentation for the related directives) ought to tell you everything that you need to know.

3monkeys - February 22, 2006 04:42 PM (GMT)
Thanks, Phil. Personally I have zero ldap query knowledge. I'm hoping others in my organization can assist on that front and of course I'm willing to learn.

-GW

forestearly - February 22, 2006 11:05 PM (GMT)
We're using the LDAP protocol to authenticate against AD -

Basically what you need is:

Apache compiled with mod_auth_ldap, mod_auth

3rd party LDAP libraries:
    OpenLDAP SDK (both 1.x and 2.x)
    Novell LDAP SDK
    iPlanet (Netscape) SDK

Active Directory server to authenticate against


It's not too terrible to set up. The hardest part for me was finding the above.
Then learn the ldapsearch syntax for testing.

GaryJ - June 27, 2006 04:14 PM (GMT)
We have Apache authenticating against AD as well. There are several places within the portal where we are being prompted to log in a 2nd time. Is anyone else having this issue, or where could I check to see why we are being prompted a 2nd time? Any help appreciated. Thanks!

GaryJ

dctarheel - July 13, 2006 08:55 PM (GMT)
Make sure your AuthName entry in httpd.conf is the same for all the directories set up for authentication (for that virtual host). That keeps it from re-prompting.
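
An added example, not part of the original thread: browsers cache Basic-auth credentials per realm, so differing AuthName values under one host cause a fresh prompt. The check below scans an httpd.conf and reports virtual hosts whose protected sections use more than one AuthName; the sample configuration, paths and realm names are constructed.

```python
import re
from collections import defaultdict

# Constructed httpd.conf fragment; ports, paths and realm names are hypothetical.
SAMPLE_CONF = """
<VirtualHost *:80>
    <Directory "/opt/portal/htdocs">
        AuthName "Portal Login"
    </Directory>
    <Directory "/opt/portal/cgi-bin">
        AuthName "Portal CGI"
    </Directory>
</VirtualHost>
<VirtualHost *:8080>
    <Directory "/opt/reports/htdocs">
        AuthName "Reports"
    </Directory>
    <Location /reports/admin>
        AuthName Reports
    </Location>
</VirtualHost>
"""

SECTION_OPEN = re.compile(r"^<(\w+)\s*(.*?)>$")
SECTION_CLOSE = re.compile(r"^</\w+>$")
AUTHNAME = re.compile(r'^AuthName\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)

def realms_by_vhost(conf_text):
    """Map each virtual host to {AuthName realm: [sections that set it]}."""
    found = defaultdict(lambda: defaultdict(list))
    stack = []  # currently open <Section arg> containers, outermost first
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if SECTION_CLOSE.match(line):
            if stack:
                stack.pop()
        elif m := SECTION_OPEN.match(line):
            stack.append((m.group(1).lower(), m.group(2).strip('"')))
        elif m := AUTHNAME.match(line):
            vhost = next((a for n, a in stack if n == "virtualhost"), "main server")
            where = stack[-1][1] if stack else "server config"
            found[vhost][m.group(1) or m.group(2)].append(where)
    return found

def mismatched_realms(conf_text):
    """Virtual hosts whose protected sections use more than one AuthName."""
    return {v: dict(r) for v, r in realms_by_vhost(conf_text).items() if len(r) > 1}

if __name__ == "__main__":
    for vhost, realms in mismatched_realms(SAMPLE_CONF).items():
        print(vhost, "->", realms)
```

Here the *:80 host is flagged because its two directories declare different realms, while *:8080 is not, since quoted and unquoted forms of the same realm name compare equal.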
