Protect Apache web pages with LDAP authentication


You can enhance the capabilities of the Apache web server by enabling authentication against LDAP. This method works if you want users to authenticate server-hosted content before peering it.

This guide explains how to force users to authenticate against PAM or LDAP. We assume that you have LDAP installed and the user already exists. If not, the following guide will help you set up LDAP quickly.

Install and configure OpenLDAP and phpLDAPadmin on Ubuntu 18.04 LTS

How to install and configure OpenLDAP Server on Ubuntu 18.04 LTS

How to install and configure OpenLDAP Server on Debian 10 (Buster)

To get the results we want, let’s continue with the following steps.

Step 1: Install Apache (if not already installed)

This step assumes that you have not installed Apache. We use it as an example and test authentication. Launch your terminal and issue the following command

sudo dnf install httpd -y

Step 2: Install mod_ldap

Apache will use mod_ldap to authenticate with LDAP. Install as follows

sudo dnf install mod_ldap

Step 3: Create a sample “test” page

To test if our LDAP authentication works, let’s create a simple HTML file and secure it with LDAP authentication.

sudo vim /etc/httpd/conf.d/ldap.conf

Create your configuration as follows.

     AuthName "LDAP Authentication"
     AuthType Basic
     AuthBasicProvider ldap
     AuthLDAPURL ldap://,dc=com?uid?sub?(objectClass=*)
     Require ldap-filter objectClass=posixAccount

reference: HTTPD authentication and authorization

Step 4: Create the root directory of the page

Since the root directory is in a new folder, let’s create it and add simple web pages to it

sudo mkdir /var/www/html/auth-ldap

Add web page

sudo vim /var/www/html/ldap/index.html

This page confirms that LDAP Authentication works

Change permissions

Since the page will be loaded by apache, change the added files to belong to apache

sudo chown -R apache:apache /var/www/html/ldap

Step 5: Restart Apache

You need to restart Apache whenever the core configuration changes. Let’s restart the httpd daemon

sudo systemctl restart httpd

Step 6: Test if it works

Load your favorite browser and enter the URL of the page you want to load. to me or IP / ldap

The page loads and asks for credentials. Enter the username and password that exist in your LDAP server.

Then the page loads

wrap up

LDAP adds a layer of security to your web pages in case you only want authorized users to use the services you provide. This may be a convenient method, especially if you already have LDAP running in your settings. There is no hassle to create new credentials and it is very efficient.

Thank you for visiting and browsing the materials in the blog. Here are other interesting guides for you.

How to remove the Apache welcome / test page on CentOS 7/8

Install Varnish Cache 6 for Apache / Nginx on CentOS 7

How to install phpMyAdmin with Apache on Debian 10 (Buster)

Install Apache with mod_ssl and mod_http2 on CentOS 8 / RHEL 8

Related Posts