Hi,
I am having issues trying to get users to authenticate against apache using mod____auth____ldap. What I would like is for users to authenticate using a form rather than the default dialog box that apache normally displays.
The server 'hosts' a number of applications. If a user tries to access these application without being authenticated against apache, I would like the server to redirect to the login page.
The login page currently sits on the DocumentRoot of the server and each application in it's own directory being referenced by an alias as the login application uses mod_rewrite for the urls. e.g.
Alias /someapp "/opt/applications/someapp/"
<Directory "/opt/applications/someapp">
AuthName "Login"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPUrl ldap://ldapserver:389/dc=somedomain,dc=com?cn
AuthLDAPBindDN cn=Manager,dc=somedomain,dc=com
AuthLDAPBindPassword somepassword
AuthzLDAPAuthoritative off
require valid-user
</Directory>
The login app is using basic authentication against the server so as I understand it this should then enable users who are authorised to access other applications that are restircted using mod____auth____ldap??
Currently DocumentRoot doesn't have any auth_ldap restrictions on it at the moment.
How do I go about forcing a login page to authenticate against apache, so that users can then access the other application?
thanks...
-
Apache would not be able to display a login page by default. When you do a basic authentication, what it does is send a 401 status code back to the browser which pops up the username/password dialogue. Any sort of login page has to have the authentication processing done on the application side.
As an alternative, you may want to look at a authentication federation system such as shibboleth or simplesamlphp. Setting it up can be a pain but once you do, it will do exactly what you want.
It will:
- Allow you to protect any sites in Apache by specifying shibboleth as the authentication mechanism. It loads a mod_shib apache mod to handle the front-end filtering.
- It will present the user with a customisable login page
- You can configure the back-end to authenticate against LDAP.
Hope this helps.
Grant Collins : awesome... I will have a look and let you know how I find it. ThanksFrom sybreon
0 comments:
Post a Comment