Re: LDAP authentication with uid
On Wed, 23 Mar 2016 14:40:41 +0000 (UTC)
Mary Kao <wmcic@yahoo.com> wrote:
> Thank you very much. I think I would like to avoid the use of
> posixAccount and shadowAccount. Does anyone have a simpler LDIF
> containing uid and password?
As your object provides an attribute 'uid:christine', you don't have to
rewrite the DN; man slapd.conf(5) provides some hints on how to solve your
problem. In particular, read up on authid-rewrite and authz-regexp.
> Also, how does Apache httpd pick up the value for "uid"?
This depends on the Apache module configured, but you may read up on Apache
mod_authnz_ldap, as mod_auth_ldap is not supported any more.
http://httpd.apache.org/docs/current/howto/auth.html
-Dieter
>
> Thank you, Mary
>
>
> On Wednesday, March 23, 2016 4:42 AM, Saša-Stjepan Bakša
> <ssbaksa@gmail.com> wrote:
>
> Hi,
>
> Maybe this will help you. I am using this for testing purposes and I
> am sure that there are some more secure examples but ... This is a
> test user, test group and test apache2 config part:
>
> User:
>
> dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> gidNumber: 27782
> givenName: Proba
> sn: Test
> displayName: Proba Test
> uid: ptest
> homeDirectory: /home/ptest
> gecos: This is a test user
> loginShell: /bin/bash
> shadowFlag: 0
> shadowMin: 0
> shadowMax: 99999
> shadowWarning: 0
> shadowInactive: 99999
> shadowLastChange: 12011
> shadowExpire: 99999
> cn: Proba Test
> uidNumber: 51893
> userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
> mail: testproba@gmail.com
>
> Group:
>
> dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
> objectClass: posixGroup
> objectClass: top
> cn: proba
> memberUid: ptest
> memberUid: labadmin
> gidNumber: 28370
>
> Apache config:
>
> <Directory /var/www>
> #Options Indexes FollowSymLinks MultiViews
> AllowOverride AuthConfig
> Order allow,deny
> allow from all
> </Directory>
>
> <Location />
> AuthType Basic
> AuthName "Software"
> AuthBasicProvider ldap
> AuthLDAPURL "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid"
> AuthLDAPGroupAttributeIsDN off
> AuthLDAPGroupAttribute memberUid
> Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
> </Location>
>
>
>
>
> On 22 March 2016 at 22:22, Cole <cole@opteqint.net> wrote:
>
> Hi Mary,
>
> If this is similar to ssh auth against LDAP using uid, the dn would
> look like the following
> dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
>
> Now I am not sure how Apache does the lookup, but if I am wrong, maybe
> someone else can reply.
>
> Regards
> /Cole
>
> On 22 March 2016 at 21:33, Mary Kao <wmcic@yahoo.com> wrote:
> > Hello,
> >
> > This is a real newbie question ::)
> >
> > I have configured apache httpd to use LDAP for basic authentication
> > (userid and password).
> > I am not sure what the directory DN should look like when using
> > "uid" rather than "cn"?
> >
> > In my LDAP directory I have:
> >
> > dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: uidObject
> > cn: Christine Smith
> > sn: Smith
> > uid: christine
> > userPassword:: Y2hyaXN0aW5l
> >
> >
> > Where do I put the "uid" so that when the httpd sends over the uid
> > the ldap server will search on it?
> >
> > Thank you,
> > Mary
> >
> >
>
>
>
>
>
>
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
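
How httpd picks up the uid, as an added example that is not part of the thread or of httpd's code: a Python model of the search phase that mod_authnz_ldap documents, where the attribute named in AuthLDAPURL and the login name are combined into the filter (&(filter)(attribute=username)) and the matching entry's DN is then used for the bind. The host name in URL is a placeholder, the entries are constructed from the ones quoted above, and the in-memory search is a simplification that checks only the base DN and the attribute value.

```python
# Added illustration (not from the thread): models the search phase only.
# Constructed directory holding the two user entries quoted in the thread.
ENTRIES = {
    "cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com":
        {"uid": ["christine"], "cn": ["Christine Smith"]},
    "uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os":
        {"uid": ["ptest"], "cn": ["Proba Test"]},
}
# Constructed URL: the host name is a placeholder, the base DN is from the thread.
URL = "ldap://ldap.example.org:389/ou=RavenApps,dc=my-domain,dc=com?uid"


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter, applying httpd's defaults."""
    tail = url.split("://", 1)[1].partition("/")[2]
    base, attr, scope, flt = (tail.split("?") + [""] * 3)[:4]
    return base, attr or "uid", scope or "sub", flt or "(objectClass=*)"


def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login name stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def build_search_filter(url, username):
    """Combine URL filter, attribute and login name: (&(filter)(attribute=username))."""
    _base, attr, _scope, flt = parse_auth_ldap_url(url)
    return "(&%s(%s=%s))" % (flt, attr, escape_filter_value(username))


def find_user_dn(url, username, entries):
    """Simplified subtree search: return the DN only if exactly one entry matches."""
    base, attr, _scope, _flt = parse_auth_ldap_url(url)
    hits = [dn for dn, attrs in entries.items()
            if dn.lower().endswith(base.lower())
            and username.lower() in (v.lower() for v in attrs.get(attr, []))]
    # Zero or several matches means authentication is refused before any bind.
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print(build_search_filter(URL, "christine"))
    print(find_user_dn(URL, "christine", ENTRIES))
```

Christine's entry is found through its uid attribute even though her DN starts with cn=, and a login name of * is escaped to \2a rather than acting as a wildcard.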