You can beef up the of your Apache Web server by enabling authentication against LDAP. This works in case you would wish users to authenticate themselves before peering into what the server hosts.
This guide illustrates how you can force users to authenticate themselves against PAM or LDAP. We assume that you already have LDAP installed and users already existing. If not, the following guides will help you set up LDAP quickly.
To get the results that we desire, let us go on to the following steps.
Step 1: Install Apache if not installed already
This step assumes you do not have Apache already installed. We shall use it as our example and test authentication. Fire up your terminal and issue the command below
sudo dnf install httpd -y
Step 2: Install mod_ldap
mod_ldap will be used by Apache to authenticate against LDAP. Install it as below
sudo dnf install mod_ldap
Step 3: Create a sample Test page
To test if our LDAP authentication works, let us create a simple HTML file and protect it with LDAP authentication.
sudo vim /etc/httpd/conf.d/ldap.conf
Create your configuration like below.
<Directory /var/www/html/ldap> AuthName "LDAP Authentication" AuthType Basic AuthBasicProvider ldap AuthLDAPURL ldap://192.168.250.229/dc=computingforgeeks,dc=com?uid?sub?(objectClass=*) Require ldap-filter objectClass=posixAccount </Directory>
Reference: HTTPD Authentication and Authorization
Step 4: Create the root directory of the page
Since the root directory is on a new folder, let us create it and add our simple web page inside
sudo mkdir /var/www/html/auth-ldap
Add the webpage
sudo vim /var/www/html/ldap/index.html
<html> <body> <div style="width: 100%; font-size: 50px; font-weight: bold; text-align: center;"> This page confirms that LDAP Authentication works </div> </body> </html>
Since the page will be loaded by apache, change the file added to belong to apache
sudo chown -R apache:apache /var/www/html/ldap
Step 5: Restart Apache
Apache needs to be restarted every time core configuration changes have taken place. Let us restart httpd daemon
sudo systemctl restart httpd
Step 6: Test if it works
Load your favorite browser and enter the URL that the page is to be loaded on. For me it is
http://example.com or IP/ldap
The page loads and asks for credentials. Enter username and password that exists in your LDAP server.
And the page loads
LDAP adds a layer of security to your web page in case you would wish only authorized users to use the service you are offering. This can be such a convenient way especially if you already have LDAP running within your set-up. There is no hassle involved in creating fresh credentials and that if efficiency.
Thank you for visiting and going through materials on the blog. Other interesting guides are listed below for you.