Apache 2.2 + LDAP authentication

Since Apache version 2.2, the LDAP authentication module is no longer called auth_ldap, but rather authnz_ldap. During a migration from Apache 2.0 to Apache 2.2, I ran into some problems which caused Apache to fail to start.

It seems that the configuration directive AuthLDAPAuthoritative has been renamed to AuthzLDAPAuthoritative, so you will have to replace these in your Apache config(s) - "sed" is your friend.

After replacing every occurrence of "AuthLDAPAuthoritative" in the Apache configuration files, I was able to start Apache, but there still seemed to be another issue. Pointing my browser to any of the vhosts with LDAP authentication enabled returned an internal server error (500). The Apache error log showed this:
(9)Bad file descriptor: Could not open password file: (null)

I started searching in Google, and quickly found the solution to this problem here.

Adding these two lines in the Apache configs fixed the internal server error:

AuthBasicProvider ldap
AuthUserFile /dev/null

Unfortunately, I was still unable to log in. One more thing needed to be changed:
Require group becomes Require ldap-group.

After changing this in all vhost configs, the problem seemed to be fixed. Finally :-)
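
The changes described above can be applied in one pass. The following is an added example, not part of the original post: it uses awk instead of plain sed so that "Require group" is only rewritten inside sections that actually contain AuthLDAPURL, leaving file-based group checks alone. The function name migrate_ldap_conf, the sample paths and the LDAP URL are constructed for illustration, and directives outside Directory/Location/Files/Proxy sections are passed through unchanged.

```shell
#!/bin/sh
# Added example, not from the original post. Reads an Apache 2.0 config on
# stdin and prints the 2.2 (authnz_ldap) form. Assumes the capitalisation
# used in the post; a section is treated as LDAP only if it has AuthLDAPURL.
migrate_ldap_conf() {
  awk '
    function emit(   i, line, ldap, prov, indent) {
      for (i = 1; i <= n; i++) {
        if (buf[i] ~ /^[ \t]*AuthLDAPURL[ \t]/) ldap = 1
        if (buf[i] ~ /^[ \t]*AuthBasicProvider[ \t]/) prov = 1
      }
      for (i = 1; i <= n; i++) {
        line = buf[i]
        if (ldap) sub(/AuthLDAPAuthoritative/, "AuthzLDAPAuthoritative", line)
        if (ldap && line ~ /^[ \t]*Require[ \t]+group[ \t]/)
          sub(/Require[ \t]+group/, "Require ldap-group", line)
        print line
        if (ldap && !prov && line ~ /^[ \t]*AuthType[ \t]+Basic/) {
          indent = line; sub(/[^ \t].*$/, "", indent)  # keep indentation
          print indent "AuthBasicProvider ldap"
          print indent "AuthUserFile /dev/null"
        }
      }
      n = 0
    }
    /^[ \t]*<(Directory|Location|Files|Proxy)/ { depth++ }
    depth > 0  { buf[++n] = $0 }   # inside a section: hold lines until it closes
    depth == 0 { print }           # outside any section: pass through
    /^[ \t]*<\/(Directory|Location|Files|Proxy)/ { if (depth > 0 && --depth == 0) emit() }
    END { emit() }                 # unterminated section: still emit what was read
  '
}

# Constructed sample: one LDAP-protected section, one file-based section.
SAMPLE_CONF='<Directory /var/www/intranet>
  AuthType Basic
  AuthLDAPURL ldap://ldap.example.com/ou=people,dc=example,dc=com?uid
  AuthLDAPAuthoritative on
  Require group cn=staff,ou=groups,dc=example,dc=com
</Directory>
<Directory /var/www/files>
  AuthType Basic
  AuthUserFile /etc/apache2/htpasswd
  AuthGroupFile /etc/apache2/htgroup
  Require group admins
</Directory>'

printf '%s\n' "$SAMPLE_CONF" | migrate_ldap_conf
```

Running the output through the function a second time changes nothing, so it is safe to re-run on partially migrated files; review the result with a diff before reloading Apache.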
