Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
patches mod_auth_ldap / mod_authnz_ldap so you can use one global LDAP bind user
C
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
bin_dbg
bin_release
patch
src Fixed segfault on startup
README
VERSION

README

Global LDAP bind user for Apache 2.2.21 module mod_authnz_ldap

This patch introduces three new configuration directives for mod_authnz_ldap:

 * AuthLDAPGlobalURL <URL>
 * AuthLDAPGlobalBindDN <DN>
 * AuthLDAPGlobalBindPassword <Password>

I developed the patch of the following reason:
---
>> httpd.conf
...
	<Location /ldap_enabled_1>
		AuthType Basic
		AuthName "LDAP"
		AuthLDAPURL "ldap://ldapsrv"
		AuthLDAPBindDN "LDAP-USER"
		AuthLDAPBindPassword "LDAP-PASSWORD"
		AuthzLDAPAuthoritative Off
		require group CN=LDAP-enabled-Grp1,OU=mygroup,DC=mydomain,DC=local
	</Location>
	
	<Location /ldap_enabled_2>
		AuthType Basic
		AuthName "LDAP"
		AuthLDAPURL "ldap://ldapsrv"
		AuthLDAPBindDN "LDAP-USER"
		AuthLDAPBindPassword "LDAP-PASSWORD"
		AuthzLDAPAuthoritative Off
		require group CN=LDAP-enabled-Grp2,OU=mygroup,DC=mydomain,DC=local
	</Location>
...
---
You can see that AuthLDAPURL, AuthLDAPBindDN and AuthLDAPBindPassword always refers to the same values and we did nothing more than copy and paste. 

With AuthLDAPGlobal* you only define the values once for all <Location> or <Directory> sections:
---
>> httpd.conf
	AuthLDAPGlobalURL "ldap://ldapsrv"
	AuthLDAPGlobalBindDN "LDAP-USER"
	AuthLDAPGlobalBindPassword "LDAP-PASSWORD"
		
	<Location /ldap_enabled_1>
		# inherited from AuthLDAPGlobal*
		AuthType Basic
		AuthName "LDAP"
		AuthzLDAPAuthoritative Off
		require group CN=LDAP-enabled-Grp1,OU=mygroup,DC=mydomain,DC=local
	</Location>
	
	<Location /ldap_enabled_1>
		# inherited from AuthLDAPGlobal*
		AuthType Basic
		AuthName "LDAP"
		AuthzLDAPAuthoritative Off
		require group CN=LDAP-enabled-Grp2,OU=mygroup,DC=mydomain,DC=local
	</Location>
	

Christopher Klein <ckl[at]ecw[dot]de> / http://wap.ecw.de
Something went wrong with that request. Please try again.