Protect Apache web pages with LDAP authentication
Introduction
You can extend the Apache web server by enabling authentication against LDAP. This method is useful when you want users to authenticate before they can view content hosted on the server.
This guide explains how to force users to authenticate against PAM or LDAP. We assume that you have LDAP installed and that the user already exists. If not, the following guides will help you set up LDAP quickly.
Install and configure OpenLDAP and phpLDAPadmin on Ubuntu 18.04 LTS
How to install and configure OpenLDAP Server on Ubuntu 18.04 LTS
How to install and configure OpenLDAP Server on Debian 10 (Buster)
To get the results we want, let’s continue with the following steps.
Step 1: Install Apache (if not already installed)
This step assumes that you have not installed Apache yet. We use it here as an example to test authentication. Launch your terminal and issue the following command:
sudo dnf install httpd -y
Step 2: Install mod_ldap
Apache uses mod_ldap to authenticate against LDAP. Install it as follows:
sudo dnf install mod_ldap
Step 3: Create a sample “test” page
To test if our LDAP authentication works, let’s create a simple HTML file and secure it with LDAP authentication.
sudo vim /etc/httpd/conf.d/ldap.conf
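Create your configuration as follows. The authentication directives are only valid in directory context, so they go inside a <Directory> block for the folder being protected.
<Directory "/var/www/html/ldap">
    AuthName "LDAP Authentication"
    AuthType Basic
    AuthBasicProvider ldap
    # Search the subtree under the base DN for an entry whose uid matches the login name
    AuthLDAPURL ldap://192.168.250.229/dc=computingforgeeks,dc=com?uid?sub?(objectClass=*)
    # Only allow entries that are POSIX accounts
    Require ldap-filter objectClass=posixAccount
</Directory>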
Reference: HTTPD authentication and authorization
Step 4: Create the root directory of the page
Since the protected content lives in a new folder, let’s create it and add a simple web page to it.
sudo mkdir /var/www/html/ldap
Add web page
sudo vim /var/www/html/ldap/index.html
This page confirms that LDAP Authentication works
Change permissions
Since the page will be served by Apache, change the ownership of the added files to the apache user:
sudo chown -R apache:apache /var/www/html/ldap
Step 5: Restart Apache
You need to restart Apache whenever the core configuration changes. Let’s restart the httpd daemon
sudo systemctl restart httpd
Step 6: Test if it works
Open your favorite browser and enter the URL of the protected page. In my case:
http://<example.com or IP>/ldap
The page loads and asks for credentials. Enter the username and password that exist in your LDAP server.
Then the page loads
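A hardened variant of the Step 3 configuration, as an added example that is not part of the original guide: `AuthType Basic` sends the password base64-encoded with every request, and a plain `ldap://` connection carries the bind in cleartext, so this version refuses plain-HTTP requests and upgrades the LDAP connection with STARTTLS. It assumes mod_ssl is loaded and an HTTPS virtual host already serves this directory; the CA file path is a placeholder.

```apache
# /etc/httpd/conf.d/ldap.conf
# Added example, not the guide's own configuration.
# Assumptions: mod_ssl is loaded, an HTTPS virtual host serves /var/www/html/ldap,
# and the LDAP server supports STARTTLS. The CA path below is a placeholder.

# CA certificate used to verify the LDAP server certificate (server-level directive).
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem
# Refuse the LDAP connection if the server certificate does not verify (the default).
LDAPVerifyServerCert On

<Directory "/var/www/html/ldap">
    # Deny any request that did not arrive over TLS, so Basic credentials
    # are never accepted over plain HTTP.
    SSLRequireSSL

    AuthName "LDAP Authentication"
    AuthType Basic
    AuthBasicProvider ldap

    # Same host, base DN, attribute, scope and filter as in Step 3; the trailing
    # STARTTLS keyword upgrades the connection before any bind is sent.
    # The server certificate should match the host named in this URL.
    AuthLDAPURL "ldap://192.168.250.229/dc=computingforgeeks,dc=com?uid?sub?(objectClass=*)" STARTTLS

    # Unchanged from Step 3: only POSIX accounts are authorized.
    Require ldap-filter objectClass=posixAccount
</Directory>
```

Check the syntax with `sudo apachectl configtest` before restarting httpd as in Step 5.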
Wrap up
LDAP authentication adds a layer of security to your web pages when you only want authorized users to use the services you provide. It is a convenient method, especially if you already have LDAP running in your environment: there is no need to create new credentials, and it is very efficient.