HP Open Source Middleware Stacks Blueprint:: Directory Services on HP ProLiant Servers with SUSE Linux Enterprise Server 10

Integrating the Apache HTTP Server with the mod_authnz_ldap and mod_ldap Modules

The Apache HTTP server is shipped as a package in the SLES10 distribution, and the mod_authnz_ldap and mod_ldap modules are included in that package. The following procedure provides the steps to verify the installation and to test the integration of the two modules with the Apache HTTP Server.

Verifying the Installations

  1. Verify that the Apache HTTP server is installed correctly by entering the following command:

    # rpm -q apache2

    The version installed should display:

    apache2-2.2.0-21.2

  2. The mod_ldap.so and mod_authnz_ldap.so modules were installed as part of the distribution and should exist in the /usr/lib64/apache2 directory. Verify this by entering the following commands:

    # rpm -qil apache2 | grep mod_ldap

    The following value is returned:

    /usr/lib64/apache2/mod_ldap.so

    # rpm -qil apache2 | grep mod_authnz_ldap

    The following value is returned:

    /usr/lib64/apache2/mod_authnz_ldap.so

  3. Edit the file /etc/sysconfig/apache2 and add ldap and authnz_ldap to the value of APACHE_MODULES (the SLES init script generates the LoadModule directives from this list, so each module must appear as a separate, space-separated word; a2enmod ldap and a2enmod authnz_ldap make the same edit). Once completed, it should look like the following:

    APACHE_MODULES="actions alias authnz_ldap ldap auth_basic
    authn_file authz_host authz_groupfile authz_default authz_user
    authn_dbm autoindex cgi dir env expires include log_config
    mime negotiation setenvif ssl suexec userdir php5"
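The three checks above can be scripted. The following shell script is an added example, not part of the HP document: it reads APACHE_MODULES the way the SLES init script does (by sourcing /etc/sysconfig/apache2), reports any required module that is missing from the list, and, after a restart, confirms that Apache actually loaded the modules. The paths are the SLES10 defaults used on this page, and apache2ctl -M (httpd 2.2) is assumed to be available for listing loaded modules. Because a module only counts when it is a separate word in the list, a missing space such as authz_hostauthz_groupfile is reported as two missing modules.

```shell
#!/bin/sh
# Added example: verify the mod_ldap / mod_authnz_ldap setup on SLES10.
# Paths and module names are the SLES10 defaults assumed on this page.

SYSCONFIG=/etc/sysconfig/apache2
MODDIR=/usr/lib64/apache2

# Print the required modules that are absent from an APACHE_MODULES value.
# The value may span several lines (as in the sysconfig file); every module
# must appear as a separate word, so a fused token such as
# "authz_hostauthz_groupfile" counts as both modules missing.
missing_modules() {   # usage: missing_modules "APACHE_MODULES value" module...
  _have=" $(printf '%s' "$1" | tr '\n\t' '  ') "
  shift
  _missing=
  for _m in "$@"; do
    case $_have in
      *" $_m "*) ;;
      *) _missing="$_missing${_missing:+ }$_m" ;;
    esac
  done
  printf '%s' "$_missing"
}

# Read APACHE_MODULES by sourcing the sysconfig file in a throw-away shell,
# which is how the SLES init script itself obtains the value.
sysconfig_modules() {
  sh -c ". '$SYSCONFIG' && printf '%s' \"\$APACHE_MODULES\""
}

# Steps 1-3 of the procedure, plus a post-restart check that Apache really
# loaded the modules (apache2ctl -M lists loaded modules in httpd 2.2).
run_checks() {
  rpm -q apache2 || return 1
  for _f in mod_ldap.so mod_authnz_ldap.so; do
    [ -f "$MODDIR/$_f" ] || { echo "missing $MODDIR/$_f" >&2; return 1; }
  done
  _miss=$(missing_modules "$(sysconfig_modules)" ldap authnz_ldap)
  if [ -n "$_miss" ]; then
    echo "APACHE_MODULES in $SYSCONFIG lacks: $_miss" >&2
    return 1
  fi
  _loaded=$(apache2ctl -M 2>/dev/null)
  for _m in ldap_module authnz_ldap_module; do
    printf '%s\n' "$_loaded" | grep -q "^ *$_m " \
      || { echo "$_m not loaded; restart apache2 after editing $SYSCONFIG" >&2; return 1; }
  done
  echo "mod_ldap and mod_authnz_ldap are installed, enabled and loaded"
}

# The live checks run only when invoked as: sh check-ldap-modules.sh run
case ${1:-} in run) run_checks ;; esac
```

Run it as root after editing the sysconfig file and restarting Apache; a non-zero exit with a message on stderr names the first check that failed.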

Testing LDAP Authentication with the Apache HTTP Server

The Apache document root for SLES10 is /srv/www/htdocs. For this example, assume you need to restrict access to the directory /srv/www/htdocs/ldaptest and also grant access to the directory for the user tomy with the password tom. For information on adding a user to an LDAP server, see “Performing Common CDS Server Operations”.

  1. Create an HTML file named /srv/www/htdocs/ldaptest/index.html and add the following lines to it.

    <HTML>
    	<HEAD>
    	</HEAD>
    		<BODY DIR="LTR">
    		<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman, serif">
    		<FONT SIZE=6>The LDAP support worked!</FONT></FONT></P>
    		</BODY>
    </HTML>
  2. Add the following contents to the file /etc/apache2/default-server.conf :

    <Directory "/srv/www/htdocs/ldaptest">
    		Options Indexes FollowSymLinks
    		AllowOverride None
    		order allow,deny
    		allow from all
    		AuthType Basic
    		AuthName Internal
    		AuthBasicAuthoritative off
    		AuthBasicProvider ldap
    		AuthzLDAPAuthoritative off
    		AuthLDAPURL ldap://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    		require valid-user
    		AuthLDAPBindDN cn=Manager,dc=example,dc=com
    		AuthLDAPBindPassword secret
    </Directory>

    AuthLDAPBindDN and AuthLDAPBindPassword are the credentials Apache uses to search the directory for the user who is logging in; in this example they are the rootdn and its simple-authentication password configured in the LDAP server. Both values are set in the /opt/symas/etc/openldap/slapd.conf file on the LDAP server. See “Installing and Configuring Symas CDS and Apache Modules” for more details about CDS server configuration.

    Two caveats apply to this test configuration. Binding as the rootdn gives the web server full write access to the directory; for anything beyond a test, create a dedicated account that can only read the user entries, and restrict /etc/apache2/default-server.conf, which now holds that account's password in clear text, so that only root can read it. Also, with the plain ldap:// scheme the bind password and the user's password travel unencrypted between the web server and the LDAP server; the next section switches to ldaps://. AuthBasicAuthoritative off and AuthzLDAPAuthoritative off allow a failed LDAP lookup to fall through to any other authentication or authorization modules that are configured; with LDAP as the only provider they can be set to on.

    These directives are documented in the mod_authnz_ldap manual:

    http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

  3. Restart the Apache HTTP server by entering the following command:

    # /etc/init.d/apache2 restart

  4. Launch a browser window and navigate to http://Your_Web_Server_IP/ldaptest/.

  5. At the prompt, log in with the user name tomy and the password tom.

Figure 6 Log In Prompt


If the login fails, the browser displays the message: Authorization Required

If the login succeeds, the page displays the message: The LDAP support worked!

Testing SSL-Enabled LDAP Connections

For this example, assume you need to restrict access to the directory /srv/www/htdocs/ldapssltest and grant access to the directory for the user tomy with the password tom.

  1. Create an HTML file named /srv/www/htdocs/ldapssltest/index.html with the following content:

    <HTML>
    	<HEAD>
    	</HEAD>
    		<BODY DIR="LTR">
    		<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman,serif">
    		<FONT SIZE=6>
    		The LDAP SSL support worked!</FONT></FONT></P>
    		</BODY>
    </HTML>
  2. Copy the Certificate Authority file from the CDS server to the /etc/apache2 directory and name it cacert.pem. See “Setting up Security for the CDS Server” for more details about the secure CDS server configuration and Certificate Authority file generation.

  3. Add the following contents to the file /etc/apache2/default-server.conf. LDAPTrustedGlobalCert is a server-level directive, so it must stay outside the <Directory> block:

    LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/cacert.pem
    <Directory "/srv/www/htdocs/ldapssltest">
    		Options Indexes FollowSymLinks
    		AllowOverride None
    		order allow,deny
    		allow from all
    		AuthType Basic
    		AuthName ldaptest
    		AuthBasicAuthoritative off
    		AuthBasicProvider ldap
    		AuthzLDAPAuthoritative off
    		AuthLDAPURL ldaps://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    		require valid-user
    		AuthLDAPBindDN cn=Manager,dc=example,dc=com
    		AuthLDAPBindPassword secret
    </Directory>
  4. Restart the Apache HTTP server by entering the following command:

    # /etc/init.d/apache2 restart

  5. Launch a browser window and navigate to:

    http://Your_Web_Server_IP/ldapssltest/

  6. At the prompt, log in with the user name tomy and password tom.

    If the login fails, the browser displays the message: Authorization Required

    If the login succeeds, the page displays the message: The LDAP SSL support worked!

    Note that ldaps:// only protects the connection between Apache and the LDAP server; the browser still sends the Basic authentication credentials in clear text over http://. For anything beyond this test, serve the protected directory over HTTPS (the ssl module is already listed in APACHE_MODULES).
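Both tests above (the ldap:// one against /ldaptest/ and the ldaps:// one against /ldapssltest/) can be reproduced from the command line, which separates an LDAP problem from an Apache configuration problem. The following shell script is an added example, not part of the HP document or of the Apache project: it parses the AuthLDAPURL, builds the search filter the way the mod_authnz_ldap manual describes it ((&(filter)(attribute=username)), with the user name escaped so that a login such as *)(uid=* cannot rewrite the filter), performs the same two binds as the module (search as AuthLDAPBindDN, then bind as the DN found with the user's password), and finally checks the HTTP status codes with curl. It assumes the openldap2-client tools (ldapsearch, ldapwhoami) and curl are installed on the web server, that the placeholders, the tomy/tom account and the cn=Manager bind account are the ones used on this page, and that for ldaps:// the OpenLDAP tools can trust the CDS CA through the LDAPTLS_CACERT environment variable pointing at the copied /etc/apache2/cacert.pem.

```shell
#!/bin/sh
# Added example: exercise the LDAP lookup and the HTTP Basic-auth check from
# the command line, for both the ldap:// and the ldaps:// configuration.
# Hosts, the user tomy/tom and the bind account are the values assumed on
# this page; needs openldap2-client (ldapsearch, ldapwhoami) and curl.

# Extract one component from an AuthLDAPURL of the form
#   scheme://host[:port]/basedn?attribute?scope?filter
# using the same defaults as mod_authnz_ldap: uid, sub, (objectclass=*).
ldap_url_part() {   # usage: ldap_url_part URL scheme|host|basedn|attr|scope|filter
  _url=$1 _want=$2
  _scheme=${_url%%://*}
  _rest=${_url#*://}
  _host=${_rest%%/*}
  case $_rest in */*) _path=${_rest#*/} ;; *) _path= ;; esac
  # Split the path on '?' in a subshell so IFS and globbing stay untouched.
  ( IFS='?'; set -f; set -- $_path
    case $_want in
      scheme) printf '%s\n' "$_scheme" ;;
      host)   printf '%s\n' "$_host" ;;
      basedn) printf '%s\n' "${1:-}" ;;
      attr)   printf '%s\n' "${2:-uid}" ;;
      scope)  printf '%s\n' "${3:-sub}" ;;
      filter) printf '%s\n' "${4:-(objectclass=*)}" ;;
    esac )
}

# Escape the user-supplied name as RFC 4515 requires (the same four characters
# mod_authnz_ldap escapes), so the name cannot inject extra filter terms.
filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Combine the URL filter with the attribute and the escaped user name, e.g.
#   (&(objectclass=*)(uid=tomy))   -- what mod_authnz_ldap sends to the server
build_filter() {   # usage: build_filter URLFILTER ATTR USER
  _f=$1
  case $_f in \(*\)) _f=${_f#\(}; _f=${_f%\)} ;; esac   # strip outer parens, re-added below
  printf '(&(%s)(%s=%s))' "$_f" "$2" "$(filter_escape "$3")"
}

# Reproduce the two binds mod_authnz_ldap performs: search for the user as the
# AuthLDAPBindDN account, then bind as the DN found with the user's password.
# LDAPTLS_CACERT (assumed path) lets the tools trust the CDS CA for ldaps://.
ldap_check_user() {   # usage: ldap_check_user AUTHLDAPURL BINDDN BINDPW USER PASSWORD
  _u=$1 _binddn=$2 _bindpw=$3 _user=$4 _pw=$5
  _uri="$(ldap_url_part "$_u" scheme)://$(ldap_url_part "$_u" host)"
  _filter=$(build_filter "$(ldap_url_part "$_u" filter)" "$(ldap_url_part "$_u" attr)" "$_user")
  _dn=$(LDAPTLS_CACERT=${LDAPTLS_CACERT:-/etc/apache2/cacert.pem} \
        ldapsearch -x -LLL -H "$_uri" -D "$_binddn" -w "$_bindpw" \
          -b "$(ldap_url_part "$_u" basedn)" -s "$(ldap_url_part "$_u" scope)" \
          "$_filter" dn | sed -n 's/^dn: //p' | head -n 1)
  if [ -z "$_dn" ]; then echo "no entry matches $_filter" >&2; return 1; fi
  echo "found $_dn, trying the user's password"
  LDAPTLS_CACERT=${LDAPTLS_CACERT:-/etc/apache2/cacert.pem} \
    ldapwhoami -x -H "$_uri" -D "$_dn" -w "$_pw" >/dev/null
}

# The HTTP side: expect 401 without credentials and 200 with tomy:tom.
# A wrong password also yields 401, which the browser shows as
# "Authorization Required".
http_status() {   # usage: http_status URL [USER:PASSWORD]
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -w '%{http_code}' -u "$2" "$1"
  else
    curl -s -o /dev/null -w '%{http_code}' "$1"
  fi
}

# Edit the two URLs for your servers (ldaps:// and /ldapssltest/ for the SSL
# test), then run: sh ldaptest.sh run
main() {
  _ldapurl='ldap://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)'
  _web='http://Your_Web_Server_IP/ldaptest/'
  ldap_check_user "$_ldapurl" 'cn=Manager,dc=example,dc=com' secret tomy tom
  echo "anonymous request: HTTP $(http_status "$_web") (expect 401)"
  echo "tomy/tom request:  HTTP $(http_status "$_web" tomy:tom) (expect 200)"
}
case ${1:-} in run) main ;; esac
```

If ldap_check_user fails at the search step, the AuthLDAPURL, the bind account or its password is wrong; if it finds the DN but the second bind fails, the user's password is wrong; if both succeed but curl still returns 401, the problem is in the <Directory> block or Apache was not restarted.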

© 2007 Hewlett-Packard Development Company, L.P.