BWeb Installation with Apache 2.4 and LDAP with Group Authentication (Red Hat / Oracle 8)

This article gives specific insight on how to set up LDAP group authentication on RHEL 8 and any derivatives. See the main article for the whole procedure to enable it.

Configuration Settings

The configuration presented below was tested successfully on a RHEL 8 VM, enabling authentication for users in a certain group. In the example below, the only users that should be able to authenticate are those in the “bacadmin” group.

OpenLDAP structure on the tested OpenLDAP server:

dn: dc=u,dc=l3
objectClass: top
objectClass: dcObject
objectClass: organization
o: u
dc: u

dn: cn=bacula_binding.service,dc=u,dc=l3
objectClass: organizationalRole
cn: admin
cn: bacula_binding.service
description: Ldap admin

dn: ou=People,dc=u,dc=l3
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=u,dc=l3
objectClass: organizationalUnit
ou: Groups

dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 678
cn: bacadmin
memberUid: charles
memberUid: foo

dn: ou=users,dc=u,dc=l3
objectClass: top
objectClass: organizationalUnit
ou: users

dn: uid=charles,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: charles
uid: charles
uidNumber: 16859
gidNumber: 678
homeDirectory: /home/charles
loginShell: /bin/bash
gecos: charles
shadowMax: 0
shadowWarning: 0

dn: uid=foo,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: foo
uid: foo
uidNumber: 16860
gidNumber: 678
homeDirectory: /home/foo
loginShell: /bin/bash
gecos: foo
shadowMax: 0
shadowWarning: 0

dn: uid=bweb,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bweb
uid: bweb
uidNumber: 16869
gidNumber: 679
homeDirectory: /home/bweb
loginShell: /bin/bash
gecos: bweb
shadowMax: 0
shadowWarning: 0

dn: uid=bwebadmin,ou=users,dc=u,dc=l3
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
cn: bwebadmin
uid: bwebadmin
uidNumber: 16879
gidNumber: 679
homeDirectory: /home/bwebadmin
loginShell: /bin/bash
gecos: bwebadmin
shadowMax: 0
shadowWarning: 0

dn: cn=dev,ou=Groups,dc=u,dc=l3
objectClass: top
objectClass: posixGroup
gidNumber: 679
cn: dev
memberUid: bweb
memberUid: bwebadmin

vi /etc/httpd/conf.d/bweb-apache.conf

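################################# Authentication with groups

              AuthType Basic
              AuthName "Auth"
              AuthBasicProvider ldap
              # Search dc=u,dc=l3 (subtree) for the entry whose uid matches the login name.
              # Plain ldap:// on port 389 is unencrypted: the bind password and the users'
              # passwords cross the network in clear text unless the URL is followed by
              # STARTTLS or an ldaps:// URL is used.
              AuthLDAPURL ldap://$your_ldap_server:389/dc=u,dc=l3?uid?sub?(objectClass=*)
              # Service account used to perform the search
              AuthLDAPBindDN "cn=bacula_binding.service,dc=u,dc=l3"
              AuthLDAPBindPassword "$your_password"
              # Compare the login name (not the user's DN) with the group's memberUid values
              AuthLDAPGroupAttribute memberUid
              AuthLDAPGroupAttributeIsDN off
              # Only members of the bacadmin group are authorized
              Require ldap-group cn=bacadmin,ou=Groups,dc=u,dc=l3
##########################################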
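
The group check configured above, as an added example (not part of the original article, and not Apache or Bacula code): a small Python model of how `Require ldap-group` decides when `AuthLDAPGroupAttribute memberUid` and `AuthLDAPGroupAttributeIsDN off` are set. It uses a trimmed copy of the directory above plus a constructed user `dana`; the password bind is not modelled and the function names are hypothetical.

```python
# Added example: trimmed copy of the page's LDIF. "dana" is a constructed entry
# (not on the page): primary gidNumber 678, but not listed as a memberUid.
SAMPLE_LDIF = """\
dn: cn=bacadmin,ou=Groups,dc=u,dc=l3
gidNumber: 678
memberUid: charles
memberUid: foo

dn: uid=charles,ou=users,dc=u,dc=l3
uid: charles
gidNumber: 678

dn: uid=bweb,ou=users,dc=u,dc=l3
uid: bweb
gidNumber: 679

dn: uid=dana,ou=users,dc=u,dc=l3
uid: dana
gidNumber: 678
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded or base64 lines) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def ldap_group_allows(entries, username, base="dc=u,dc=l3",
                      group_dn="cn=bacadmin,ou=Groups,dc=u,dc=l3",
                      group_attr="memberUid"):
    """Model of `Require ldap-group` with AuthLDAPGroupAttributeIsDN off."""
    # Step 1 (AuthLDAPURL ...?uid?sub?...): the user must be found by uid under base.
    found = any(dn.endswith(base) and username in e.get("uid", [])
                for dn, e in entries.items())
    # Step 2: the login name itself (not the user's DN, not gidNumber) is
    # compared with the group entry's memberUid values.
    return found and username in entries.get(group_dn, {}).get(group_attr, [])

if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for user in ("charles", "bweb", "dana"):
        print(user, "allowed" if ldap_group_allows(directory, user) else "denied")
```

Only `charles` is allowed here: `dana` shares gidNumber 678 with bacadmin but is not listed as a memberUid, so a primary-group assignment alone does not grant access.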