Jan 21, 2015
Web Roles using LDAP attributes

A few days ago, I wrote a simple wiki page on how to authenticate to a web site against an LDAP backend.

There is a cool (and very simple) way to use web roles: match your users' LDAP attributes to your web app.

RFC 2255, from 1997, defines the LDAP URL format. The AuthLDAPURL syntax of mod_authnz_ldap explains that the "attributes" field of that URL can hold several attribute names separated by commas. After a successful authentication, every requested attribute is passed to your web application as an AUTHENTICATE_<attribute> environment variable (the attribute name is upper-cased, as the output below shows).

In my example:

    AuthLDAPURL "ldap://ldap.domain.org/ou=web,dc=domain,dc=org?uid,MyWebAccess?one?(WebAccess=MyWebApp_Level_*)"

returns:

    AUTHENTICATE_MYWEBACCESS
        MyWebApp_Level_1
    AUTHENTICATE_UID
        myusername
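To make the mechanism concrete, here is an added example (my own code, not part of the original post or of mod_authnz_ldap) that parses the post's AuthLDAPURL into its RFC 2255 fields, derives the AUTHENTICATE_* variable names the web app should expect, and then maps the attribute value to an application role. The role allow-list (MyWebApp_Level_1/2/3 as reader/editor/admin) and the sample request environment are constructed for the example; the handling of a multi-valued attribute as one string joined by "; " is an assumption. The point worth noticing: the wildcard filter (WebAccess=MyWebApp_Level_*) only decides who can log in, so the application still has to compare the exact attribute value against its own allow-list before granting a role.

```python
"""Parse an Apache AuthLDAPURL and turn the AUTHENTICATE_* variables into a web role.

Added example for the post above; not the post's or mod_authnz_ldap's own code.
Assumptions (labelled below): multi-valued attributes arrive joined by "; ", and the
role allow-list and sample environment are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# The post's own AuthLDAPURL, reused here as input.
EXAMPLE_URL = ("ldap://ldap.domain.org/ou=web,dc=domain,dc=org"
               "?uid,MyWebAccess?one?(WebAccess=MyWebApp_Level_*)")

# Constructed: the request environment after mod_authnz_ldap authenticated the user from the
# post (attribute names upper-cased behind the AUTHENTICATE_ prefix, as the post's output shows).
SAMPLE_ENV = {"AUTHENTICATE_UID": "myusername", "AUTHENTICATE_MYWEBACCESS": "MyWebApp_Level_1"}

# Constructed allow-list: which attribute values the app accepts and the role each one grants.
ROLE_FOR_VALUE = {"MyWebApp_Level_1": "reader", "MyWebApp_Level_2": "editor", "MyWebApp_Level_3": "admin"}
ROLE_RANK = {"reader": 1, "editor": 2, "admin": 3}


@dataclass
class LdapUrl:
    host: str
    base_dn: str
    attributes: List[str]
    scope: str
    filter: str


def parse_ldap_url(url: str) -> LdapUrl:
    """Split an RFC 2255 URL, ldap://host[:port]/dn?attrs?scope?filter, into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.netloc:
        raise ValueError("not an LDAP URL: %r" % url)
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))  # attrs, scope and filter may all be absent
    attributes = [unquote(a) for a in fields[0].split(",") if a]
    # mod_authnz_ldap documents 'sub' as the scope used when none is given (RFC 2255 itself says 'base').
    scope = fields[1].lower() or "sub"
    return LdapUrl(parts.netloc, unquote(parts.path.lstrip("/")), attributes, scope, unquote(fields[2]))


def env_var_names(attributes: List[str]) -> List[str]:
    """Variables the web app should look for: AUTHENTICATE_ + attribute name in upper case."""
    return ["AUTHENTICATE_" + a.upper() for a in attributes]


def attribute_values(environ: Dict[str, str], attribute: str) -> List[str]:
    """Values of one requested attribute; a multi-valued attribute is assumed to arrive joined by '; '."""
    raw = environ.get("AUTHENTICATE_" + attribute.upper(), "")
    return [v.strip() for v in raw.split(";") if v.strip()]


def role_for(environ: Dict[str, str], attribute: str = "MyWebAccess") -> Optional[str]:
    """Map the attribute to an app role by exact match against the allow-list.

    The wildcard filter in the URL (WebAccess=MyWebApp_Level_*) only decides who may log in; the
    app still checks the exact value, so an unexpected MyWebApp_Level_9 grants nothing.
    Returns the highest role when several levels are present, None when no accepted value is.
    """
    roles = [ROLE_FOR_VALUE[v] for v in attribute_values(environ, attribute) if v in ROLE_FOR_VALUE]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None


def has_role(environ: Dict[str, str], needed: str) -> bool:
    """True when the user's role is at least 'needed' (reader < editor < admin)."""
    role = role_for(environ)
    return role is not None and ROLE_RANK[role] >= ROLE_RANK[needed]


if __name__ == "__main__":
    url = parse_ldap_url(EXAMPLE_URL)
    print("attributes requested:", url.attributes, "->", env_var_names(url.attributes))
    print("filter used at login:", url.filter, "scope:", url.scope)
    print("role from sample environment:", role_for(SAMPLE_ENV))
```

In a real deployment the environment dictionary is whatever your CGI/WSGI layer hands you (os.environ for CGI, the WSGI environ otherwise); the allow-list is the part that belongs to the application, since the LDAP filter in AuthLDAPURL is an authentication gate, not an authorization decision.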
Tag(s): ldap, apache