There is nothing special about these instructions. There are many like them on the internet.
They are here only as a reference for myself, and maybe for you as well.
Here I’m assuming that you have installed OpenLDAP and created users and groups in the LDAP server.
In the following examples the login names of users and groups are set in the ‘cn’ field of each entry.
I used phpLDAPAdmin web interface to enter the Users and groups.
In this interface I used the following templates:
Users: Default
Groups: Generic: Posix Group
Here is an example of users web authentication:
Requires Apache modules: mod_ldap and mod_authnz_ldap
cd /etc/apache2/mods-enabled
ln -s ../mods-available/ldap.load
ln -s ../mods-available/authnz_ldap.load
Note: We want users ‘john’ and ‘peter’ to be allowed in an area called /docs/private.
Apache configuration:
Single Users Web authentication
In this case, although ‘john’ and ‘peter’ belong to the group ‘admins’, we authenticate only the individual users, without any reference to their group.
Syntax of AuthLDAPURL
Syntax: Protocol://ServerName/SearchRealmFilter?SearchAttribute
Description:
Protocol: ldap
ServerName: 127.0.0.1
SearchRealmFilter (the search base DN): ou=People,dc=itmatrix,dc=srv
SearchAttribute: cn
Apache Directives
<Location /docs/private>
AuthType Basic
AuthBasicProvider ldap
AuthName "LDAP Auth"
AuthzLDAPAuthoritative On
AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=itmatrix,dc=srv?cn"
Require ldap-user john peter
</Location>
Group Web authentication
To authenticate different locations of an SVN tree, we need to create different configuration files for each location. Here is an example of the group authentication of one area.
IMPORTANT: The primary group of each user MUST also have the user in its ‘secondary group list’
e.g.
User: michel
Primary group: admin
Secondary group: admin
Secondary group: sales
Secondary group: pr
Apache Directives
<Location /docs/private>
Order deny,allow
Deny from All
#
AuthType Basic
AuthBasicProvider ldap
AuthName "LDAP Auth"
AuthLDAPURL "ldap://127.0.0.1/ou=People,dc=itmatrix,dc=srv?cn"
AuthzLDAPAuthoritative On
Satisfy any
#
# =========== GROUP auth =========================
# Group auth - Using Posix Group Template and Default User Template in phpLDAPAdmin
# Standard Group Attribute where the secondary users IDs are stored
AuthLDAPGroupAttribute memberUid
#
# Group record doesn't store the full DN, therefore turning it off
AuthLDAPGroupAttributeIsDN off
#
# Allow users of secondary and of primary group 'sales' which have the GID=1004
Require ldap-group cn=sales,ou=Group,dc=itmatrix,dc=srv
Require ldap-attribute gidNumber=1004
#
#----------- OPTIONAL GROUP auth---------------
# Allow users of secondary and of primary group 'pr' which have the GID=1002
Require ldap-group cn=pr,ou=Group,dc=itmatrix,dc=srv
Require ldap-attribute gidNumber=1002
</Location>
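The access decision of the group configuration above, modeled as an added example (not part of the original post): access is granted when any one Require line matches, so secondary members pass through memberUid and primary members through gidNumber. The user entries, the GID 1000 and the function names are constructed for illustration.

```python
# Added example: models which Require line of the group configuration lets a user in.
# All directory entries are constructed sample data, not taken from a real server.

# Constructed user entries (ou=People): login in 'cn', primary group in 'gidNumber'.
USERS = {
    "michel": {"gidNumber": 1000},  # primary group elsewhere, secondary in sales and pr
    "anna":   {"gidNumber": 1004},  # primary group sales, not listed in any memberUid
    "guest":  {"gidNumber": 1009},  # no relation to sales or pr
}

# Constructed posixGroup entries (ou=Group): memberUid holds plain login names.
SALES = "cn=sales,ou=Group,dc=itmatrix,dc=srv"
PR = "cn=pr,ou=Group,dc=itmatrix,dc=srv"
GROUPS = {
    SALES: {"gidNumber": 1004, "memberUid": ["michel"]},
    PR:    {"gidNumber": 1002, "memberUid": ["michel"]},
}

# The Require lines of the <Location> block, in order.
REQUIRES = [
    ("ldap-group", SALES),
    ("ldap-attribute", ("gidNumber", 1004)),
    ("ldap-group", PR),
    ("ldap-attribute", ("gidNumber", 1002)),
]

def matching_requires(login):
    """Return the Require lines that an authenticated login satisfies."""
    user = USERS.get(login)
    if user is None:
        return []  # no entry under the search base: the login never authenticates
    hits = []
    for kind, arg in REQUIRES:
        if kind == "ldap-group":
            # AuthLDAPGroupAttributeIsDN off: the login name, not the user DN,
            # is compared with the AuthLDAPGroupAttribute values (memberUid).
            if login in GROUPS.get(arg, {}).get("memberUid", []):
                hits.append((kind, arg))
        elif user.get(arg[0]) == arg[1]:  # ldap-attribute: checked on the user entry
            hits.append((kind, arg))
    return hits

def is_authorized(login):
    # One matching Require line is enough to grant access.
    return bool(matching_requires(login))

if __name__ == "__main__":
    for name in list(USERS) + ["nobody"]:
        print(name, is_authorized(name), matching_requires(name))
```

Dropping the two ldap-attribute lines from REQUIRES shows why the page pairs them with the ldap-group lines: ‘anna’, whose only link to ‘sales’ is her primary GID, would then be refused.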
More information at: http://www.linux.com/archive/feature/120050