[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authentication with uid

Thank you very much.  I think I would like to avoid the use of posixAccount and shadowAccount.  Does anyone have a simpler LDIF containing uid and password?

Also, how does Apache httpd pick up the value for "uid"? 

Thank you,
Mary



On Wednesday, March 23, 2016 4:42 AM, Saša-Stjepan Bakša <ssbaksa@gmail.com> wrote:


Hi,

Maybe this will help you. I am using this for testing purpose and I am sure that there are some more scure examples but ...
This is a test user, test group and test apache2 config part:

User:

dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 27782
givenName: Proba
sn: Test
displayName: Proba Test
uid: ptest
homeDirectory: /home/ptest
gecos: This is a test user
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
cn: Proba Test
uidNumber: 51893
userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
mail: testproba@gmail.com

Group:

dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
objectClass: posixGroup
objectClass: top
cn: proba
memberUid: ptest
memberUid: labadmin
gidNumber: 28370

Apache config:

    <Directory /var/www>
        #Options Indexes FollowSymLinks MultiViews
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>

    <Location />
        AuthType Basic
        AuthName "Software"
        AuthBasicProvider ldap
        AuthLDAPURL  "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid"
        AuthLDAPGroupAttributeIsDN off
        AuthLDAPGroupAttribute memberUid
        Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
    </Location>




On 22 March 2016 at 22:22, Cole <cole@opteqint.net> wrote:
Hi Mary,

If this is similar to ssh auth against LDAP using uid, the dn would
look like the following
dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com

Now I am not sure how Apache does the lookup, but if I am wrong, maybe
someone else can reply.

Regards
/Cole

On 22 March 2016 at 21:33, Mary Kao <wmcic@yahoo.com> wrote:
> Hello,
>
> This is a real newbie question ::)
>
> I have configured apache httpd to use LDAP for basic authentication (userid
> and password).
> I am not sure what the directory DN should look like when using "uid" rather
> than "cn"?
>
> In my LDAP directory I have:
>
> dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: uidObject
> cn: Christine Smith
> sn: Smith
> uid: christine
> userPassword:: Y2hyaXN0aW5l
>
>
> Where do I put the "uid" so that when the httpd sends over the uid the ldap
> server will search on it?
>
> Thank you,
> Mary
>
>