HP Open Source Middleware Stacks Blueprint:: Directory Services on HP ProLiant and HP Integrity Servers with Red Hat Linux Enterprise Version 5

Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules

The Apache HTTP server is distributed as a bundled pack in the RHEL5 distribution. The mod_authnz_ldap and mod_ldap modules are included in the Apache HTTP server package. The following procedure provides the steps to verify installation and test the integration of the modules with the Apache HTTP Server.

Verifying the Installations

  1. Verify that the Apache HTTP server is installed correctly by entering the following command:

    # rpm -q httpd

    The version installed should display:

    httpd-2.2.3-6.el5

  2. The mod_ldap.so and mod_authnz_ldap.so modules were installed as part of the distribution and should exist in the /etc/httpd/modules/ directory. Verify this by entering the following commands:

    # rpm -qil httpd | grep mod_ldap

    The following values are returned:

    • /usr/lib/httpd/modules/mod_ldap.so (on x86 and HP Integrity systems)

    • /usr/lib64/httpd/modules/mod_ldap.so (on x86_64 systems)

    # rpm -qil httpd |grep mod_authnz_ldap

    The following values are returned:

    • /usr/lib/httpd/modules/mod_authnz_ldap.so (on x86 and HP Integrity systems)

    • /usr/lib64/httpd/modules/mod_authnz_ldap.so (on x86_64 systems)

  3. Verify the following lines exist in the /etc/httpd/conf/httpd.conf file:

    LoadModule ldap_module modules/mod_ldap.so

    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Testing LDAP Authentication with the Apache HTTP Server

The Apache document root for RHEL5 is /var/www/html. For this example, assume you need to restrict access to the directory /var/www/html/ldaptest and also grant access to the directory for the user tomy with the password tom. For information on adding a user to an LDAP server, see “Performing Common CDS Server Operations”.

  1. Create an HTML file named /var/www/html/ldaptest/index.html and add the following lines to it.

    <HTML>
    	<HEAD>
    	</HEAD>
    		<BODY DIR="LTR">
    		<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman, serif">
    		<FONT SIZE=6>The LDAP support worked!</FONT></FONT></P>
    		</BODY>
    </HTML>
  2. Add the following contents to the file /etc/httpd/conf/httpd.conf:

    <Directory "/var/www/html/ldaptest">
    		Options Indexes FollowSymLinks
    		AllowOverride None
    		order allow,deny
    		allow from all
    		AuthType Basic
    		AuthName Internal
    		AuthBasicAuthoritative off
    		AuthBasicProvider ldap
    		AuthzLDAPAuthoritative off
    		AuthLDAPURL ldap://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    		require valid-user
    		AuthLDAPBindDN cn=Manager,dc=example,dc=com
    		AuthLDAPBindPassword secret
    </Directory>

    AuthLDAPBindDN is the rootdn configured in the LDAP server. AuthLDAPBindPassword is the password for simple authentication in the LDAP Server.

    The values of the two attributes are set in the /opt/symas/etc/openldap/slapd.conf file on the LDAP server. See “Installing and Configuring Symas CDS and Apache Modules” for more details about CDS server configuration.

    The mod_authnz_ldap manual page describing these directives is located at:

    http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

  3. Restart the Apache HTTP server by entering the following command:

    # /etc/init.d/httpd restart

  4. Launch a browser window and navigate to http://Your_Web_Server_IP/ldaptest/.

  5. At the prompt, log in with the user name tomy and the password tom.

Figure 6 Log In Prompt (screenshot of the browser's login dialog)

If the login fails, the following message is displayed: Authorization Required

If the login succeeds, the following message is displayed: The LDAP support worked!

Testing the Secure SSL-Enabled LDAP Connections

For this example, assume you need to restrict access to the directory /var/www/html/ldapssltest and grant access to the directory for the user tomy with the password tom.

  1. Create an HTML file named /var/www/html/ldapssltest/index.html with the following content:

    <HTML>
    	<HEAD>
    	</HEAD>
    		<BODY DIR="LTR">
    		<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman,serif">
    		<FONT SIZE=6>
    		The LDAP SSL support worked!</FONT></FONT></P>
    		</BODY>
    </HTML>
  2. Copy the Certificate Authority file from the CDS server to the /etc/httpd directory and name it cacert.pem. See “Setting up Security for the CDS Server” for more details about the secure CDS server configuration and Certificate Authority file generation.

  3. Add the following contents to the file /etc/httpd/conf/httpd.conf:

    LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/cacert.pem
    <Directory "/var/www/html/ldapssltest">
    		Options Indexes FollowSymLinks
    		AllowOverride None
    		order allow,deny
    		allow from all
    		AuthType Basic
    		AuthName ldaptest
    		AuthBasicAuthoritative off
    		AuthBasicProvider ldap
    		AuthzLDAPAuthoritative off
    		AuthLDAPURL ldaps://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    		require valid-user
    		AuthLDAPBindDN cn=Manager,dc=example,dc=com
    		AuthLDAPBindPassword secret
    </Directory>
  4. Restart the Apache HTTP server by entering the following command:

    # /etc/init.d/httpd restart

  5. Launch a browser window and navigate to:

    http://Your_Web_Server_IP/ldapssltest/

  6. At the prompt, log in with the user name tomy and password tom.

    If the login fails, the following message is displayed: Authorization Required

    If the login succeeds, the following message is displayed: The LDAP SSL support worked!
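The two <Directory> blocks above (plain ldap:// and ldaps://) follow the mod_authnz_ldap URL syntax scheme://host[:port]/basedn?attribute?scope?filter. The following added example, not part of this HP document, parses that URL form and lints such blocks for the settings a reviewer would check: a clear-text ldap:// connection without LDAPTrustedMode, an ldaps:// connection without LDAPTrustedGlobalCert, and require valid-user combined with the (objectclass=*) filter, which admits every directory user rather than only tomy. The sample configuration and the 10.0.0.5 server address are constructed.

```python
import re

# Constructed sample: the two <Directory> blocks from this page, each AuthLDAPURL on one line.
SAMPLE_CONF = """\
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/cacert.pem
<Directory "/var/www/html/ldaptest">
    AuthBasicProvider ldap
    AuthLDAPURL ldap://10.0.0.5/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    require valid-user
    AuthLDAPBindDN cn=Manager,dc=example,dc=com
    AuthLDAPBindPassword secret
</Directory>
<Directory "/var/www/html/ldapssltest">
    AuthBasicProvider ldap
    AuthLDAPURL ldaps://10.0.0.5/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    require valid-user
    AuthLDAPBindDN cn=Manager,dc=example,dc=com
    AuthLDAPBindPassword secret
</Directory>
"""

def parse_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter, filling the documented defaults."""
    m = re.match(r'^(ldaps?)://([^/]+)/([^?]*)(?:\?(.*))?$', url)
    if not m:
        raise ValueError("malformed AuthLDAPURL: " + url)
    scheme, host, basedn, rest = m.groups()
    fields = (rest or "").split("?") + ["", "", ""]       # attribute, scope, filter may be empty
    return {"scheme": scheme, "host": host, "basedn": basedn, "attribute": fields[0] or "uid",
            "scope": fields[1] or "sub", "filter": fields[2] or "(objectclass=*)"}

def lint_conf(conf):
    """Return {directory: [findings]} for each <Directory> block that authenticates via LDAP."""
    has_ca = re.search(r'^\s*LDAPTrustedGlobalCert\s', conf, re.M) is not None
    tls_mode = re.search(r'^\s*LDAPTrustedMode\s+(TLS|SSL)', conf, re.M | re.I) is not None
    report = {}
    for path, body in re.findall(r'<Directory\s+"([^"]+)">(.*?)</Directory>', conf, re.S):
        directives = dict(line.split(None, 1) for line in body.splitlines() if line.strip())
        if directives.get("AuthBasicProvider") != "ldap":
            continue
        url, findings = parse_ldap_url(directives["AuthLDAPURL"]), []
        if url["scheme"] == "ldap" and not tls_mode:
            findings.append("ldap:// without LDAPTrustedMode: bind and user passwords cross the network in clear text")
        if url["scheme"] == "ldaps" and not has_ca:
            findings.append("ldaps:// without LDAPTrustedGlobalCert: the server certificate is not verified")
        if directives.get("require") == "valid-user" and url["filter"] == "(objectclass=*)":
            findings.append("require valid-user with (objectclass=*): every directory user with a uid can log in, not only tomy")
        report[path] = findings
    return report
```

Run lint_conf(SAMPLE_CONF) to see the report; the ldaptest block is flagged for clear-text LDAP, and both blocks are flagged for the broad require valid-user rule.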

© 2007 Hewlett-Packard Development Company, L.P.