Enabling LDAP authentication should take you about 2 minutes, unless you type with just 2 fingers. Then maybe 3 or 4.
Uncomment “mod_auth” in /etc/lighttpd/lighttpd.conf.
Enable debugging info so you can figure out what’s wrong if things don’t go smoothly right off the bat.
debug.log-request-header = "enable"
debug.log-response-header = "enable"
debug.log-request-handling = "enable"
debug.log-file-not-found = "enable"
Here’s the minimal part you’ll need to get going. Add these lines to your lighttpd.conf and customize as needed.
auth.backend = "ldap"
auth.backend.ldap.hostname = "ldap1.domain.com"
auth.backend.ldap.base-dn = "dc=your.ldap.base.here"
If you don’t allow anonymous connections to your ldap, give it a user/password combination that has enough privs to do the lookups, or just use your master account if you’re just testing or don’t really care.
auth.backend.ldap.bind-dn = "cn=Manager,dc=your.ldap.base.here"
auth.backend.ldap.bind-pw = "put your plain text password here or in another file and include it!"
Now tell it what parts of your webserver you want to protect and how. You can specify any string you’d like for the realm. Here I require an LDAP user account name and password just to get to the wiki main page, and only admin can see the server-config page.
auth.require = (
    "/wiki" =>
    (
        "method" => "basic",
        "realm" => "LDAP Guarded Entrance to the Wiki",
        "require" => "valid-user"
    ),
    "/server-config" =>
    (
        "method" => "basic",
        "realm" => "Login to view the current server configuration",
        "require" => "user=admin"
    )
)
Restart lighttpd and you’re done. I require encrypted connections for my ldap and this works right out of the box. If you run ldapsearch -xZZ it will force encryption or die. So if you’re not seeing a bunch of entries… well there could be a ton of reasons, like no anonymous binds allowed, or perhaps there’s a firewall issue, etc. If it does work, then your ldap is probably set up right :) But you’ve already set up ldap properly before you stumbled this far, right?
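A small pre-restart check for the settings above, added here as an example and not part of the original post: it flags typographic quotes left over from copy-paste, request-header logging left on (with basic auth the logged headers carry the Authorization header), a bind password in a world-readable file, and a Manager bind DN. The function names, finding codes and sample values are assumptions made for this sketch.

```python
import os
import re
import stat
import tempfile

# Constructed sample: the post's settings as they arrive when pasted from a browser.
SAMPLE = (
    'debug.log-request-header = \u201cenable\u201d\n'
    'auth.backend = \u201cldap\u201d\n'
    'auth.backend.ldap.bind-dn = \u201ccn=Manager,dc=example,dc=org\u201d\n'
    'auth.backend.ldap.bind-pw = \u201cnot-a-real-password\u201d\n'
)

def setting(name, text):
    """Return the quoted value of an uncommented `name = "value"` line, or None."""
    m = re.search(r'^\s*' + re.escape(name) + r'\s*=\s*"([^"]*)"', text, re.M)
    return m.group(1) if m else None

def audit_conf(path):
    """Return sorted finding codes for one lighttpd config file."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    findings = set()
    # lighttpd only treats ASCII double quotes as string delimiters.
    if re.search("[\u201c\u201d\u2018\u2019]", text):
        findings.add("typographic-quotes")
        text = re.sub("[\u201c\u201d]", '"', text)  # keep auditing the rest
    # Logged request headers include Authorization: Basic <base64 user:password>.
    if setting("debug.log-request-header", text) == "enable":
        findings.add("request-header-logging")
    # A bind password in a file that "other" can read is exposed to every local user.
    if setting("auth.backend.ldap.bind-pw", text) is not None:
        if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IROTH:
            findings.add("bind-pw-world-readable")
    # The directory manager account has far more rights than a lookup needs.
    if (setting("auth.backend.ldap.bind-dn", text) or "").lower().startswith("cn=manager,"):
        findings.add("bind-dn-is-manager")
    return sorted(findings)

def write_conf(text, mode):
    """Write text to a temporary file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(audit_conf(write_conf(SAMPLE, 0o644)))
```

An empty list means none of the four conditions was found; it does not replace lighttpd's own syntax check of the file.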
If you’re using php applications that don’t rely on lighttpd’s authentication, but have their own ldap functions, you will want to install the “php-ldap” package too.