BWeb Installation with Apache 2.4 and LDAP Group Authentication on Red Hat/Oracle 8
This article explains how to set up LDAP group authentication on RHEL 8 and its derivatives. See the main article for the whole procedure to enable it.
Configuration Settings
The configuration below was tested successfully on a RHEL 8 VM, enabling authentication for users in a specific group. In the example below, the only users that should be able to authenticate are those in the “bacadmin” group.
OpenLDAP structure on the tested OpenLDAP server:
dn: dc=u,dc=l3
objectClass: top
objectClass: dcObject
objectClass: organization
o: u
dc: u

dn: cn=bacula_binding.service,dc=u,dc=l3
objectClass: organizationalRole
cn: admin
cn: bacula_binding.service
description: Ldap admin

dn: ou=People,dc=u,dc=l3
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=u,dc=l3
objectClass: organizationalUnit
ou: Groups

dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 678
cn: bacadmin
memberUid: charles
memberUid: foo

dn: ou=users,dc=u,dc=l3
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=charles,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: charles
uid: charles
uidNumber: 16859
gidNumber: 678
homeDirectory: /home/charles
loginShell: /bin/bash
gecos: charles
shadowMax: 0
shadowWarning: 0

dn: uid=foo,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: foo
uid: foo
uidNumber: 16860
gidNumber: 678
homeDirectory: /home/foo
loginShell: /bin/bash
gecos: foo
shadowMax: 0
shadowWarning: 0

dn: uid=bweb,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bweb
uid: bweb
uidNumber: 16869
gidNumber: 679
homeDirectory: /home/bweb
loginShell: /bin/bash
gecos: bweb
shadowMax: 0
shadowWarning: 0

dn: uid=bwebadmin,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bwebadmin
uid: bwebadmin
uidNumber: 16879
gidNumber: 679
homeDirectory: /home/bwebadmin
loginShell: /bin/bash
gecos: bwebadmin
shadowMax: 0
shadowWarning: 0

dn: cn=dev,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 679
cn: dev
memberUid: bweb
memberUid: bwebadmin

vi /etc/httpd/conf.d/bweb-apache.conf
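################################# Authentication with groups
AuthType Basic
AuthName "Auth"
AuthBasicProvider ldap
# Search the whole subtree under dc=u,dc=l3 and match the login name against uid.
# ldap:// on port 389 is cleartext; use ldaps:// or STARTTLS where the LDAP server supports it.
AuthLDAPURL ldap://$your_ldap_server:389/dc=u,dc=l3?uid?sub?(objectClass=*)
# Service account used for the search bind
AuthLDAPBindDN "cn=bacula_binding.service,dc=u,dc=l3"
AuthLDAPBindPassword "$your_password"
# posixGroup lists its members as plain user names in memberUid, not as DNs
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
# Only members of the bacadmin group are authorized
Require ldap-group cn=bacadmin,ou=Groups,dc=u,dc=l3
##########################################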
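
The following added example (not part of the original article and not Apache's own code) models offline how the Require ldap-group check above decides, using a trimmed copy of the directory shown earlier. It shows why AuthLDAPGroupAttributeIsDN must be off when the group stores plain user names in memberUid; the function names and the trimmed LDIF are assumptions made for illustration.

```python
# Added example: offline model of the `Require ldap-group` decision.
# LDIF is a constructed, trimmed copy of the directory shown in the article.
LDIF = """\
dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
cn: bacadmin
memberUid: charles
memberUid: foo

dn: cn=dev,ou=Groups,dc=u,dc=l3
cn: dev
memberUid: bweb
memberUid: bwebadmin

dn: uid=charles,ou=users,dc=u,dc=l3
uid: charles

dn: uid=foo,ou=users,dc=u,dc=l3
uid: foo

dn: uid=bweb,ou=users,dc=u,dc=l3
uid: bweb
"""

def parse_ldif(text):
    """Return {lower-cased dn: {attr: [values]}}; blank lines separate entries."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def ldap_group_allows(entries, login, group_dn, group_attr="memberUid", attr_is_dn=False):
    """Find the user by uid, then compare login name (or DN) with the group attribute."""
    user_dn = next((dn for dn, a in entries.items() if login in a.get("uid", [])), None)
    if user_dn is None:
        return False  # unknown user: the search step finds nothing to authorize
    candidate = user_dn if attr_is_dn else login  # models AuthLDAPGroupAttributeIsDN
    members = entries.get(group_dn.lower(), {}).get(group_attr, [])
    return candidate.lower() in (m.lower() for m in members)

GROUP = "cn=bacadmin,ou=Groups,dc=u,dc=l3"
DB = parse_ldif(LDIF)

if __name__ == "__main__":
    for user in ("charles", "foo", "bweb", "nobody"):
        print(user, ldap_group_allows(DB, user, GROUP))
    print("charles with IsDN on:", ldap_group_allows(DB, "charles", GROUP, attr_is_dn=True))
```

With the IsDN setting modelled as on, the user's full DN is compared against memberUid values such as "charles", so even valid bacadmin members are refused.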