Configure mod_ldap to use LDAP directory users for Basic Authentication in httpd. In this example, Active Directory is used with the following environment:
Username and password are sent in plain text with Basic Authentication, so ensure you're using a secure connection with SSL/TLS.
Create a user (e.g., ldapuser) in Active Directory for binding from httpd. It's sufficient to grant Domain Users rights only.
Install the mod_ldap module.
# Install mod_ldap
[root@www ~]# dnf -y install mod_ldap
Set up Basic Authentication with LDAP for a specific directory, for example, /var/www/html/auth-ldap.
# Configure Basic Authentication with LDAP
[root@www ~]# vi /etc/httpd/conf.d/authnz_ldap.conf
# Add the following configuration
<Directory "/var/www/html/auth-ldap">
SSLRequireSSL
AuthType Basic
AuthName "LDAP Authentication"
AuthBasicProvider ldap
AuthLDAPURL "ldap://fd3s.emc.world:389/ou=LDAPUsers,dc=emc,dc=world?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN ldapuser@emc.world
AuthLDAPBindPassword Password
Require valid-user
</Directory>
# Set permissions for the configuration file
[root@www ~]# chgrp apache /etc/httpd/conf.d/authnz_ldap.conf
[root@www ~]# chmod 640 /etc/httpd/conf.d/authnz_ldap.conf
# Restart httpd to apply changes
[root@www ~]# systemctl restart httpd
# Create a test page
[root@www ~]# mkdir /var/www/html/auth-ldap
[root@www ~]# vi /var/www/html/auth-ldap/index.html
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Test Page for LDAP Authentication
</div>
</body>
</html>
If SELinux is enabled, modify the policy to allow httpd to connect over the network and to LDAP.
# Set SELinux booleans for httpd network and LDAP connections
[root@www ~]# setsebool -P httpd_can_network_connect on
[root@www ~]# setsebool -P httpd_can_connect_ldap on
Access the test page from any client computer with a web browser. Authentication with any Active Directory user is required as per the settings.
http://[your-server's-domain-or-IP]/auth-ldap/index.html
This configuration integrates LDAP directory users with Apache httpd, enhancing the security and management of web application access.
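The configuration above protects the browser-to-httpd leg with SSLRequireSSL, but httpd still talks to the domain controller over plain ldap:// on port 389 and keeps the bind password as a literal in the file. The variant below is an added example, not part of the original page, showing each weak setting beside a corrected one. Assumptions: the CA file path and the password helper path are hypothetical, and the domain controller is assumed to offer LDAPS on port 636.

```apache
# /etc/httpd/conf.d/authnz_ldap.conf (added example, not the page's original file)

# Server-level directives: these are not valid inside <Directory>.
# CA that issued the domain controller's LDAPS certificate.
# ASSUMPTION: hypothetical path; export your AD CA certificate as PEM to it.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
# Refuse the LDAP connection when the server certificate does not validate.
# On is the default; it is stated here so a later Off stands out in review.
LDAPVerifyServerCert On

<Directory "/var/www/html/auth-ldap">
    SSLRequireSSL
    AuthType Basic
    AuthName "LDAP Authentication"
    AuthBasicProvider ldap

    # Weak (as on the page): the bind password and every user's password
    # cross the network to the directory server in clear text.
    # AuthLDAPURL "ldap://fd3s.emc.world:389/ou=LDAPUsers,dc=emc,dc=world?sAMAccountName?sub?(objectClass=*)"

    # Corrected: LDAP over TLS. The host name in the URL must match a name
    # in the domain controller's certificate or verification fails.
    AuthLDAPURL "ldaps://fd3s.emc.world:636/ou=LDAPUsers,dc=emc,dc=world?sAMAccountName?sub?(objectClass=*)"

    AuthLDAPBindDN ldapuser@emc.world

    # Weak (as on the page): literal password, readable by anyone who can
    # read the file and copied into every backup of /etc/httpd.
    # AuthLDAPBindPassword Password

    # Corrected (httpd 2.4.5 or later): run a helper and use the first line
    # of its standard output as the password.
    # ASSUMPTION: hypothetical helper path; it should be owned by root and
    # not writable by the apache user.
    AuthLDAPBindPassword "exec:/usr/local/libexec/httpd-ldap-bindpw"

    Require valid-user
</Directory>
```

Run `apachectl configtest` before restarting httpd so a typo in the new directives does not take the server down.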