Enabling LDAP authentication in Apache HTTPD server

Apache httpd server is a widely used open source web server. By default, the applications deployed on this server are open to the network and are accessible without any authentication.

What do we do if we want to protect it with credentials?

Apache httpd server provides several ways to add authentication.

Here I explain a basic configuration that enables LDAP authentication with Apache httpd server. Through this, we can integrate the applications deployed on the Apache server with an enterprise LDAP directory. The integration takes two steps. These steps were tested with Apache httpd version 2.2.

Step 1:

Open the httpd.conf file and check for the lines below. If they are already present, we are good to go; otherwise add them.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Step 2:

Add the following configuration at the end of the httpd.conf file:

<Directory /var/www/html>
AuthType Basic
AuthName "Web Site: Login with user id"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://ldap.myserver.com:389/ou=people,dc=unix,dc=myserver,dc=com
Require valid-user
</Directory>

 

Now restart the httpd server and try it. You will be asked for credentials when accessing the web pages 🙂
With this configuration, every user present in the LDAP directory is allowed to access your application.
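
The Step 2 block uses Basic authentication, a plain ldap:// URL and Require valid-user, so passwords cross the network unencrypted and any directory user is let in. A hardened variant for httpd 2.2 is sketched below as an added example, not part of the original configuration; the CA file path and the group DN are placeholder assumptions, and it presumes mod_ssl is loaded and the LDAP server listens for LDAPS on port 636.

```apache
# Added example: hardened variant of the Step 2 block for httpd 2.2.
# Assumed placeholders (not from the original page): CA file path, group DN.

# Server-level (outside <Directory>): CA used to validate the LDAP server certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem
LDAPVerifyServerCert On

<Directory /var/www/html>
    # Basic auth sends the password with every request, only base64-encoded,
    # so refuse any request that did not arrive over HTTPS (needs mod_ssl).
    SSLRequireSSL

    AuthType Basic
    AuthName "Web Site: Login with user id"
    AuthBasicProvider ldap

    # ldaps:// encrypts the search and bind between httpd and the directory.
    AuthLDAPURL ldaps://ldap.myserver.com:636/ou=people,dc=unix,dc=myserver,dc=com?uid?sub

    # Let mod_authnz_ldap make the final decision for the ldap-group rule below.
    AuthzLDAPAuthoritative on

    # Admit only members of one group instead of every valid directory user.
    Require ldap-group cn=webusers,ou=groups,dc=unix,dc=myserver,dc=com
</Directory>
```

Run apachectl configtest before restarting so that a typo in these directives does not take the site down.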

Creating user home directories automatically in linux in case of LDAP

Users can be added to a Linux machine either by creating them manually or by syncing with an external authentication system such as LDAP. If you create users manually, their home directories are created automatically. But if you are syncing with LDAP, the home directories are not created automatically by default. Creating all the home directories by hand is a tedious job, because in most cases there will be hundreds of users. There are some methods to enable automatic creation of user home directories.
One method is pam_mkhomedir.so. Another method is oddjob. The method I discuss here is oddjob. It is very easy to enable this feature. My operating system is CentOS 6.4. This solution works with Red Hat and CentOS operating systems.
First install the oddjob and oddjob-mkhomedir packages.

yum install oddjob oddjob-mkhomedir

Then start the oddjob service and make the daemon start automatically at boot.

chkconfig oddjobd on
service oddjobd start

After this, we have to update our authentication configuration to instruct oddjob to create the user home directories automatically.

authconfig --enablemkhomedir --update

Now we are ready. The user home directories will be created automatically on login.