HTTP Basic authentication against OpenLDAP directory

1,311 bytes added, 11:06, 9 January 2015
/* Test the ACLs */
sstBelongsToUID: 1
</source>
 
== Apache HTTP Basic authentication ==
Enable LDAP authentication for Apache by adding ''-D LDAP -D AUTHNZ_LDAP'' to ''APACHE2_OPTS'' in ''/etc/conf.d/apache2'':
<source lang="bash">
-APACHE2_OPTS="-D PHP5 -D UMASK -D SSL"
+APACHE2_OPTS="-D PHP5 -D UMASK -D SSL -D LDAP -D AUTHNZ_LDAP"
</source>
 
Add the restriction in ''/etc/apache2/vhosts.d/localhost.ssl.conf'':
<source lang="bash">
<Directory "/var/www/localhost/htdocs">
SSLRequireSSL
Options FollowSymLinks IncludesNOEXEC SymlinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit
Order Allow,Deny
Allow from all
 
+ AuthLDAPBindDN "cn=cloud,ou=services,ou=administration,dc=stoney-cloud,dc=org"
+ AuthLDAPBindPassword "XXXXXXXXX"
+ # Accept only people which belongs to your company, are active and superusers.
+ AuthLDAPUrl "ldaps://ldapm.stoney-cloud.org:636/ou=people,o=stepping-stone,c=ch?mail?one?(&(sstEmployeeOfUID=4000000)(sstIsActive=TRUE)(sstBelongsToUID=1))"
+ AuthType Basic
+ AuthName "stoney cloud"
+ AuthBasicProvider ldap
+ Require valid-user
</Directory>
</source>
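Review bot: the added AuthLDAPBindPassword line stores the service account's password in clear text in ''localhost.ssl.conf'', so anyone who can read that vhost file can bind to the directory as the cn=cloud service account. Restrict the file to root (Apache reads its configuration before dropping privileges) and, where the installed Apache version supports it, use the exec: form of AuthLDAPBindPassword so the password is not kept in the configuration at all. It would also help to document that this bind account needs nothing more than read access to the attributes the AuthLDAPUrl line uses (mail, sstEmployeeOfUID, sstIsActive, sstBelongsToUID).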
 
Restart Apache:
<source lang="bash">
/etc/init.d/apache2 restart
</source>
 
== Important! ==
Don't forget that you probably have two OpenLDAP directory servers and two Apache web servers!
[[Category:OpenLDAP directory]]