
Re: LDAP authentication with uid



On Wed, 23 Mar 2016 14:40:41 +0000 (UTC),
Mary Kao <wmcic@yahoo.com> wrote:

> Thank you very much.  I think I would like to avoid the use of
> posixAccount and shadowAccount.  Does anyone have a simpler LDIF
> containing uid and password? 

As your object provides an attribute 'uid: christine', you don't have to
rewrite the DN; man slapd.conf(5) provides some hints on how to solve your
problem. In particular, read up on authid-rewrite and authz-regexp.
 
> Also, how does Apache httpd pick up the value for "uid"? 

This depends on the Apache module configured, but you may read up on Apache
mod_authnz_ldap, as mod_auth_ldap is not supported any more.
http://httpd.apache.org/docs/current/howto/auth.html

-Dieter
> 
> Thank you, Mary
>  
> 
>     On Wednesday, March 23, 2016 4:42 AM, Saša-Stjepan Bakša
> <ssbaksa@gmail.com> wrote: 
> 
>  Hi,
> 
> Maybe this will help you. I am using this for testing purposes and I
> am sure that there are some more secure examples but ... This is a
> test user, test group and test apache2 config part:
> 
> User:
> 
> dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> gidNumber: 27782
> givenName: Proba
> sn: Test
> displayName: Proba Test
> uid: ptest
> homeDirectory: /home/ptest
> gecos: This is a test user
> loginShell: /bin/bash
> shadowFlag: 0
> shadowMin: 0
> shadowMax: 99999
> shadowWarning: 0
> shadowInactive: 99999
> shadowLastChange: 12011
> shadowExpire: 99999
> cn: Proba Test
> uidNumber: 51893
> userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
> mail: testproba@gmail.com
> 
> Group:
> 
> dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
> objectClass: posixGroup
> objectClass: top
> cn: proba
> memberUid: ptest
> memberUid: labadmin
> gidNumber: 28370
> 
> Apache config:
> 
>     <Directory /var/www>
>         #Options Indexes FollowSymLinks MultiViews
>         AllowOverride AuthConfig
>         Order allow,deny
>         allow from all
>     </Directory>
> 
>     <Location />
>         AuthType Basic
>         AuthName "Software"
>         AuthBasicProvider ldap
>         AuthLDAPURL "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid"
>         AuthLDAPGroupAttributeIsDN off
>         AuthLDAPGroupAttribute memberUid
>         Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
>     </Location>
> 
> 
> 
> 
> On 22 March 2016 at 22:22, Cole <cole@opteqint.net> wrote:
> 
> Hi Mary,
> 
> If this is similar to ssh auth against LDAP using uid, the dn would
> look like the following
> dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> 
> Now I am not sure how Apache does the lookup, but if I am wrong, maybe
> someone else can reply.
> 
> Regards
> /Cole
> 
> On 22 March 2016 at 21:33, Mary Kao <wmcic@yahoo.com> wrote:
> > Hello,
> >
> > This is a real newbie question ::)
> >
> > I have configured apache httpd to use LDAP for basic authentication
> > (userid and password).
> > I am not sure what the directory DN should look like when using
> > "uid" rather than "cn"?
> >
> > In my LDAP directory I have:
> >
> > dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: uidObject
> > cn: Christine Smith
> > sn: Smith
> > uid: christine
> > userPassword:: Y2hyaXN0aW5l
> >
> >
> > Where do I put the "uid" so that when the httpd sends over the uid
> > the ldap server will search on it?
> >
> > Thank you,
> > Mary
> >
> >
> 
> 
> 
> 
> 
>   



-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
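
Added example, not part of the original thread and not mod_authnz_ldap source code: a small Python model of the search-then-bind lookup that mod_authnz_ldap documents for an AuthLDAPURL ending in "?uid", showing why the entry's DN can keep cn= while users log in with their uid. The host name ldap.example.com and all function names are assumptions made for illustration; the directory entry is constructed from the question in this thread.

```python
# Added illustration, not mod_authnz_ldap source code: a model of the
# search-then-bind lookup driven by an AuthLDAPURL that ends in "?uid".
from urllib.parse import unquote

def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its parts."""
    hostport, _, tail = url.split("://", 1)[1].partition("/")
    base, attr, scope, filt = (tail.split("?") + ["", "", ""])[:4]
    return {
        "host": hostport,
        "base": unquote(base),
        "attr": attr.split(",")[0] or "uid",        # documented default: uid
        "scope": scope or "sub",                    # documented default: sub
        "filter": unquote(filt) or "(objectClass=*)",
    }

def escape_filter_value(value):
    """RFC 4515 escaping so a typed user name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_search_filter(info, username):
    """Filter used in the search phase: (&(filter)(attribute=username))."""
    return "(&%s(%s=%s))" % (info["filter"], info["attr"],
                             escape_filter_value(username))

def resolve_bind_dn(entries, info, username):
    """Return the DN to bind as, or None unless exactly one entry matches."""
    suffix = "," + info["base"].lower()
    hits = [dn for dn, attrs in entries.items()
            if dn.lower().endswith(suffix)
            and username.lower() in (v.lower() for v in attrs.get(info["attr"], []))]
    return hits[0] if len(hits) == 1 else None

# Constructed sample data: the entry from the original question, whose DN
# uses cn= while the login name lives in the uid attribute.
DIRECTORY = {
    "cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com":
        {"cn": ["Christine Smith"], "sn": ["Smith"], "uid": ["christine"]},
}
# Hypothetical host name; the base DN is taken from the question.
URL = "ldap://ldap.example.com:389/ou=RavenApps,dc=my-domain,dc=com?uid"

if __name__ == "__main__":
    info = parse_auth_ldap_url(URL)
    print(build_search_filter(info, "christine"))
    print(resolve_bind_dn(DIRECTORY, info, "christine"))
```

The password supplied by the browser is only used in the second phase, as a bind against the DN that the search returned.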