You can beef up the security of your Apache web server by enabling authentication against LDAP. This is useful when you want users to authenticate themselves before they can see what the server hosts.
This guide illustrates how you can force users to authenticate themselves against PAM or LDAP. We assume that you already have LDAP installed and that your users already exist in it. If not, the following guides will help you set up LDAP quickly.
- Install and configure OpenLDAP & phpLDAPadmin on Ubuntu
- Install and configure OpenLDAP Server on Ubuntu
- Install and Configure OpenLDAP Server on Debian
To get the results that we desire, let us go on to the following steps.
Step 1: Install Apache if not installed already
This step assumes you do not have Apache already installed. We shall use it as our example and to test authentication. Fire up your terminal and issue the command below:
sudo dnf install httpd -y
Step 2: Install mod_ldap
mod_ldap will be used by Apache to authenticate against LDAP. Install it as below:
sudo dnf install mod_ldap
Step 3: Create a sample Test page
To test if our LDAP authentication works, let us create a simple HTML file and protect it with LDAP authentication. First, open a new Apache configuration file for the protected directory:
sudo vim /etc/httpd/conf.d/ldap.conf
Create your configuration like below.
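<Directory /var/www/html/ldap>
    # Prompt text shown in the browser's login dialog
    AuthName "LDAP Authentication"
    AuthType Basic
    AuthBasicProvider ldap
    # Format: ldap://host/base-DN?attribute?scope?filter
    AuthLDAPURL ldap://192.168.250.229/dc=neveropen,dc=com?uid?sub?(objectClass=*)
    # Only entries that are posixAccount objects are authorized
    Require ldap-filter objectClass=posixAccount
</Directory>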
Reference: HTTPD Authentication and Authorization
Step 4: Create the root directory of the page
Since the directory we protected is a new folder, let us create it and add our simple web page inside:
sudo mkdir /var/www/html/ldap
Add the webpage
sudo vim /var/www/html/ldap/index.html
<html>
<body>
<div style="width: 100%; font-size: 50px; font-weight: bold; text-align: center;">
This page confirms that LDAP Authentication works
</div>
</body>
</html>
Change permissions
Since the page will be loaded by Apache, change the directory and the file you added so that they belong to the apache user:
sudo chown -R apache:apache /var/www/html/ldap
Step 5: Restart Apache
Apache needs to be restarted every time core configuration changes have taken place. Let us restart the httpd daemon:
sudo systemctl restart httpd
Step 6: Test if it works
Open your favorite browser and enter the URL that the page is to be loaded on. For me it is
http://<example.com or server IP>/ldap
The page loads and asks for credentials. Enter a username and password that exist in your LDAP server.
And the page loads.
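The Step 3 configuration uses ldap:// with AuthType Basic, and Step 6 tests over http://, so the password travels unencrypted both from the browser to Apache and from Apache to the LDAP server. The following added example (not part of the original guide) splits the AuthLDAPURL into its fields and flags those two conditions; the function names and the embedded sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the <Directory> block from Step 3 of this guide.
SAMPLE_CONF = """\
<Directory /var/www/html/ldap>
AuthName "LDAP Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://192.168.250.229/dc=neveropen,dc=com?uid?sub?(objectClass=*)
Require ldap-filter objectClass=posixAccount
</Directory>
"""

URL_RE = re.compile(r'^[ \t]*AuthLDAPURL[ \t]+"?([^"\s]+)"?(?:[ \t]+(\S+))?[ \t]*$', re.M | re.I)

def parse_auth_ldap_url(conf):
    """Split the first AuthLDAPURL directive into its components."""
    m = URL_RE.search(conf)
    if not m:
        raise ValueError("no AuthLDAPURL directive found")
    parts = urlsplit(m.group(1))
    # The query part is attribute?scope?filter; empty fields fall back to
    # the mod_authnz_ldap defaults (uid, sub, (objectClass=*)).
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme.lower(),
        "host": parts.netloc,
        "base_dn": parts.path.lstrip("/"),
        "attribute": attr or "uid",
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
        "mode": (m.group(2) or "NONE").upper(),  # NONE, SSL, TLS or STARTTLS
    }

def transport_findings(conf):
    """Return cleartext-transport findings for an LDAP-protected block."""
    u = parse_auth_ldap_url(conf)
    findings = []
    if u["scheme"] != "ldaps" and u["mode"] not in ("SSL", "TLS", "STARTTLS"):
        findings.append("AuthLDAPURL: unencrypted bind to %s; use ldaps:// or STARTTLS" % u["host"])
    basic = re.search(r'^[ \t]*AuthType[ \t]+Basic\b', conf, re.M | re.I)
    https_only = re.search(r'^[ \t]*(SSLRequireSSL|Require[ \t]+ssl)\b', conf, re.M | re.I)
    if basic and not https_only:
        findings.append("AuthType Basic: password is only base64-encoded; require HTTPS")
    return findings

if __name__ == "__main__":
    print(*transport_findings(SAMPLE_CONF), sep="\n")
```

Switching the URL to ldaps:// or appending STARTTLS also requires mod_ldap to trust the CA that issued the LDAP server's certificate (LDAPTrustedGlobalCert in the server configuration).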
Wrapping up
LDAP adds a layer of security to your web page when you want only authorized users to use the service you are offering. This is especially convenient if you already have LDAP running within your set-up. There is no hassle involved in creating fresh credentials, and that is efficiency.