Manualshelf

HP OSMS Blueprint: Directory Services on HP ProLiant Servers with SLES10

ManualsBrandsHP ManualsSoftwareHP Linux Caliper Software Electronic LTU
11121314151617181920
/usr/lib64/apache2/mod_ldap.so
# rpm -qil apache2 | grep mod_authnz_ldap
The following value is returned:
/usr/lib64/apache2/mod_authnz_ldap.so
3. Edit the file /etc/sysconfig/apache2 by adding mod_ldap and mod_authnz_ldap
to the value of APACHE_MODULES. Once completed, it should look like the following:
APACHE_MODULES="actions alias authnz_ldap ldap auth_basic
authn_file authz_hostauthz_groupfile authz_default authz_user
authn_dbm autoindex cgi dir env expires include log_config
mime negotiation setenvif ssl suexec userdir php5"
Testing LDAP Authentication with the Apache HTTP Server
The Apache document root for SLES10 is /srv/www/htdocs. For this example, assume you
need to restrict access to the directory /srv/www/htdocs/ldaptest and also grant access to
the directory for the user tomy with the password tom. For information on adding a user to an
LDAP server, see “Performing Common CDS Server Operations” (page 12).
1. Create an HTML file named /srv/www/htdocs/ldaptest/index.html and add the
following lines to it.
<HTML>
<HEAD>
</HEAD>
<BODY DIR="LTR">
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman, serif">
<FONT SIZE=6>The LDAP support worked!</FONT></FONT></P>
</BODY>
</HTML>
2. Add the following contents to the file /etc/apache2/default-server.conf :
<Directory "/srv/www/htdocs/ldaptest">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthType Basic
AuthName Internal
AuthBasicAuthoritative off
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??
(objectclass=*)
require valid-user
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
</Directory>
AuthLDAPBindDN is the rootdn configured in the LDAP server. AuthLDAPBindPassword
is the password for simple authentication in the LDAP Server.
The values of the two attributes are set in the /opt/symas/etc/openldap/slapd.conf
file on the LDAP server. See “Installing and Configuring Symas CDS and Apache Modules”
(page 8) for more details about CDS server configuration.
The mod_authnz_ldap manual about these directives is located at:
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
3. Restart the Apache HTTP server by entering the following command:
# /etc/init.d/apache2 restart
4. Launch a browser window and navigate to http://Your_Web_Server_IP/ldaptest/.
5. At the prompt, log in with the user name tomy and the password tom.
20