LDAP Auth with checking the group user belongs to?
Solution 1:
So, we've got users in an OU at OU=Developers,DC=us,DC=domain,DC=com, then certain locations need to have specific group memberships as well - something like CN=ProjectA,OU=Developers,DC=us,DC=domain,DC=com as a group.
Something along these lines should do the trick...
<Location />
    AuthType Basic
    AuthName "user message on login"
    AuthBasicProvider ldap
    # Apache 2.2: make mod_authnz_ldap the final word on authorization
    AuthzLDAPAuthoritative on
    # This is your LDAP server configuration - if you can, use SSL (which requires
    # configuring either an LDAPTrustedGlobalCert or to set LDAPVerifyServerCert Off)
    # The search base DN is included here; "?cn" is the attribute matched
    # against the supplied username.
    AuthLDAPURL "ldaps://ldap-server.example.com:636/OU=Developers,DC=us,DC=domain,DC=com?cn"
    # This is the user account that will be used by Apache to bind to LDAP for auth checking.
    AuthLDAPBindDN "CN=ldapserviceaccount,OU=Developers,DC=us,DC=domain,DC=com"
    AuthLDAPBindPassword "passwordhere"
    # For just the / location, we'll force a valid login (any user account in the OU)
    Require valid-user
</Location>
<Location /project-a>
    # And here we'll configure a specific group for this location; the user's DN
    # must appear in the group's member (or uniqueMember) attribute
    Require ldap-group CN=ProjectA,OU=Developers,DC=us,DC=domain,DC=com
</Location>
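As an added example that is not part of the answer above, here is a small Python emulation of the two stages this configuration relies on: the `?cn` search-then-bind that backs `Require valid-user`, and the group-membership lookup behind `Require ldap-group`. The directory contents, user names and passwords are constructed sample data, not taken from the page.

```python
# Added example: emulate how mod_authnz_ldap evaluates "Require valid-user"
# and "Require ldap-group" against an in-memory directory, so the logic can
# be exercised offline. All directory data below is constructed.
from typing import Dict, List, Optional

BASE_DN = "OU=Developers,DC=us,DC=domain,DC=com"
PROJECT_A = "CN=ProjectA,OU=Developers,DC=us,DC=domain,DC=com"

# Constructed directory: DN -> attributes. Passwords are stored in clear only
# to stand in for the server-side bind check; a real server never returns them.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "CN=alice,OU=Developers,DC=us,DC=domain,DC=com": {
        "cn": ["alice"], "userPassword": ["alice-pw"]},
    "CN=bob,OU=Developers,DC=us,DC=domain,DC=com": {
        "cn": ["bob"], "userPassword": ["bob-pw"]},
    "CN=mallory,OU=Contractors,DC=us,DC=domain,DC=com": {
        "cn": ["mallory"], "userPassword": ["mallory-pw"]},
    # Group membership is recorded with a differently-cased DN on purpose.
    PROJECT_A: {"member": ["cn=Alice,ou=Developers,dc=us,dc=domain,dc=com"]},
}

def norm_dn(dn: str) -> str:
    # With AuthLDAPCompareDNOnServer off, Apache compares DNs as strings,
    # so normalise case and whitespace around the RDN separators first.
    return ",".join(part.strip().lower() for part in dn.split(","))

def authenticate(username: str, password: str) -> Optional[str]:
    """Stage 1 (AuthLDAPURL ...?cn): search the base for cn=username, then
    bind as the matched DN. Returns the user DN on success, else None."""
    matches = [dn for dn, attrs in DIRECTORY.items()
               if norm_dn(dn).endswith(norm_dn(BASE_DN))
               and username in attrs.get("cn", [])]
    if len(matches) != 1:      # mod_authnz_ldap requires exactly one hit
        return None
    dn = matches[0]
    return dn if password in DIRECTORY[dn].get("userPassword", []) else None

def in_ldap_group(user_dn: str, group_dn: str) -> bool:
    """Stage 2 (Require ldap-group): the group's member attribute
    (the AuthLDAPGroupAttribute default) must contain the user's DN."""
    members = DIRECTORY.get(group_dn, {}).get("member", [])
    return norm_dn(user_dn) in {norm_dn(m) for m in members}

def authorize(username: str, password: str, location: str) -> bool:
    dn = authenticate(username, password)
    if dn is None:
        return False                      # fails Require valid-user
    if location.startswith("/project-a"):
        return in_ldap_group(dn, PROJECT_A)
    return True                           # "/" only needs valid-user
```

Mallory authenticates with a correct password but is rejected because her entry lies outside the OU named in AuthLDAPURL, which is why the search base, not just the bind, does the scoping here.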