BWeb Installation with Apache 2.4 and LDAP with Group Authentication RHEL

Bacula Enterprise Only

This solution is only available for Bacula Enterprise. For subscription inquiries, please reach out to sales@baculasystems.com.

This article explains how to set up LDAP group authentication on RHEL 8 and its derivatives. See the main article for the whole procedure to enable it.

Configuration Settings

The configuration presented below was tested successfully on a RHEL 8 VM, enabling authentication only for users in a certain group. In the example below, the only users that should be able to authenticate are members of the “bacadmin” group.

OpenLDAP structure on the tested OpenLDAP server:

dn: dc=u,dc=l3
objectClass: top
objectClass: dcObject
objectClass: organization
o: u
dc: u

dn: cn=bacula_binding.service,dc=u,dc=l3
objectClass: organizationalRole
cn: admin
cn: bacula_binding.service
description: Ldap admin

dn: ou=People,dc=u,dc=l3
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=u,dc=l3
objectClass: organizationalUnit
ou: Groups

dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 678
cn: bacadmin
memberUid: charles
memberUid: foo

dn: ou=users,dc=u,dc=l3
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=charles,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: charles
uid: charles
uidNumber: 16859
gidNumber: 678
homeDirectory: /home/charles
loginShell: /bin/bash
gecos: charles
shadowMax: 0
shadowWarning: 0

dn: uid=foo,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: foo
uid: foo
uidNumber: 16860
gidNumber: 678
homeDirectory: /home/foo
loginShell: /bin/bash
gecos: foo
shadowMax: 0
shadowWarning: 0

dn: uid=bweb,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bweb
uid: bweb
uidNumber: 16869
gidNumber: 679
homeDirectory: /home/bweb
loginShell: /bin/bash
gecos: bweb
shadowMax: 0
shadowWarning: 0

dn: uid=bwebadmin,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bwebadmin
uid: bwebadmin
uidNumber: 16879
gidNumber: 679
homeDirectory: /home/bwebadmin
loginShell: /bin/bash
gecos: bwebadmin
shadowMax: 0
shadowWarning: 0

dn: cn=dev,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 679
cn: dev
memberUid: bweb
memberUid: bwebadmin

vi /etc/httpd/conf.d/bweb-apache.conf

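################################# Authentication with groups

              AuthType Basic
              AuthName "Auth"
              AuthBasicProvider ldap
              # Search the whole subtree under dc=u,dc=l3 for an entry whose uid matches the login name.
              # ldap:// on port 389 is not encrypted: with Basic auth the user's password and the
              # bind password below travel to the LDAP server in clear text.
              AuthLDAPURL ldap://$your_ldap_server:389/dc=u,dc=l3?uid?sub?(objectClass=*)
              AuthLDAPBindDN "cn=bacula_binding.service,dc=u,dc=l3"
              # The bind password is stored in clear text in this file; keep the file readable by root only.
              AuthLDAPBindPassword "$your_password"
              # posixGroup lists members as bare login names in memberUid, so compare the
              # username rather than the user's DN.
              AuthLDAPGroupAttribute memberUid
              AuthLDAPGroupAttributeIsDN off
              Require ldap-group cn=bacadmin,ou=Groups,dc=u,dc=l3
##########################################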
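
Why the two group directives matter, shown as an added example (not part of the original article or of Bacula's own code): a simplified offline model of how mod_authnz_ldap evaluates `Require ldap-group`, run against a constructed excerpt of the directory above. The helper names `parse_ldif`, `find_user_dn` and `allowed` are hypothetical, and the password check (the bind as the user) is not modelled.

```python
# Constructed excerpt of the directory shown on this page (sample data).
LDIF = """\
dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
memberUid: charles
memberUid: foo

dn: cn=dev,ou=Groups,dc=u,dc=l3
memberUid: bweb

dn: uid=charles,ou=users,dc=u,dc=l3
uid: charles

dn: uid=foo,ou=users,dc=u,dc=l3
uid: foo

dn: uid=bweb,ou=users,dc=u,dc=l3
uid: bweb
"""
BASE = "dc=u,dc=l3"                          # search base from AuthLDAPURL
GROUP = "cn=bacadmin,ou=Groups,dc=u,dc=l3"   # DN from Require ldap-group

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for simple, unfolded LDIF."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def find_user_dn(entries, username):
    """Model the AuthLDAPURL search: subtree under BASE, uid equals the login name."""
    hits = [dn for dn, a in entries.items()
            if dn.endswith(BASE) and username in a.get("uid", [])]
    return hits[0] if len(hits) == 1 else None   # zero or several matches: reject

def allowed(entries, username, group_attr="memberUid", attr_is_dn=False):
    """Model Require ldap-group for GROUP with the given group directives."""
    # IsDN off: compare the login name; IsDN on: compare the user's DN.
    dn = find_user_dn(entries, username)
    if dn is None:
        return False
    needle = dn if attr_is_dn else username
    values = entries.get(GROUP.lower(), {}).get(group_attr.lower(), [])
    return needle.lower() in (v.lower() for v in values)

ENTRIES = parse_ldif(LDIF)
```

With `attr_is_dn=True`, or with the group attribute left at `member`, even `charles` is rejected, because a posixGroup stores bare login names in `memberUid`.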

Go back to: BWeb Installation with Apache.