Apache 2 - LDAP access

This explains how to use LDAP to secure some part(s) of a website.

LDAP authentication

Modules and options

List of Apache 2.2.x directives with roles and recommended values:

  • AuthType
Role This tells Apache which authentication module you want to use
Value basic
Mandatory Yes

  • AuthName
Role Authentication window name
Value “Authentication to my service”
Mandatory Yes

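  • AuthBasicProvider
Role This tells Apache which authentication provider you want to use. For mod_authnz_ldap the provider name is ldap; LDAP over SSL is selected by the ldaps:// scheme in AuthLDAPUrl
Value ldap
Mandatory Yes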

  • AuthzLDAPAuthoritative
Role Tells Apache whether or not a failed authentication request can be passed to other Apache modules
Value off
Mandatory Yes

  • AuthLDAPBindDN
Role The distinguished name (DN) of the service account. This user will be used to search the LDAP directory and perform the real user authentication
Value UID=myUser,OU=myGroup,DC=myServer
Mandatory No

  • AuthLDAPBindPassword
Role The password for the user account configured via the AuthLDAPBindDN directive
Mandatory No

  • AuthLDAPUrl
Role URL that tells:
    • Where the directory server is,
    • Where to look for users,
    • What user attribute is used to identify a user
Value ldaps://myServer:636/OU=group&,OU=group2,DC=myServer?attribute
Mandatory Yes

apt-get install libapache2-mod-ldap-userdir

You have to enable the following modules:

a2enmod ldap authnz_ldap

Restart server to apply changes:

service apache2 restart


You can use the following settings inside a “.htaccess” or “VirtualHost” configuration:

Edit the virtual host configuration

vim /etc/apache2/sites-available/myServer

Adjust your virtual host like this:

# LDAP protected directory
<Directory /var/www/ssl/secure>
   Options Indexes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   allow from all

   AuthType basic
   AuthName "Secure area"
   Require valid-user

   ###### Choose ONE LDAP provider block and keep the other commented out
   # Option 1: LDAP server on "localhost", plain LDAP
   AuthBasicProvider ldap
   AuthLDAPUrl "ldap://localhost:389/ou=people,dc=dev,dc=daxiongmao,dc=eu?uid"

   # Option 2: remote LDAP server, LDAP over SSL
   # (the provider name stays "ldap"; the "ldaps://" scheme selects SSL)
   #AuthBasicProvider ldap
   #AuthLDAPUrl "ldaps://dev.daxiongmao.eu:636/ou=people,dc=dev,dc=daxiongmao,dc=eu?uid"

   # LDAP URL pattern:
   # AuthLDAPUrl "ldaps://myServer:636/{LDAP ou=},{LDAP server DC=}?uid"
</Directory>


This example can be set in:

  • <Location> - to protect a specific part or alias of the website
  • <Directory> - to protect a specific directory or the whole virtual host if set in root directory "/var/www/myServer"
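
The AuthLDAPUrl value carries the server, the search base and the login attribute, and its scheme decides whether the bind is encrypted. The following Python check is an added example, not part of the original page or of Apache: it parses every active AuthLDAPUrl line and reports binds that would travel unencrypted to a non-loopback host. The sample configuration and the host ldap.example.internal are constructed, and single-host URLs are assumed.

```python
import re
from urllib.parse import urlsplit, unquote

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
# AuthLDAPUrl "<url>" [NONE|SSL|TLS|STARTTLS]; commented-out lines do not match.
DIRECTIVE = re.compile(
    r'^[ \t]*AuthLDAPUrl[ \t]+"?([^"\s]+)"?(?:[ \t]+(\w+))?[ \t]*$', re.I | re.M)

def parse_auth_ldap_url(url):
    """Split an AuthLDAPUrl value into server, search base and login attribute."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORT:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    # Query layout is attribute?scope?filter; only the attribute is needed here.
    attribute = parts.query.split("?")[0] or "uid"  # uid is the module default
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORT[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute,
    }

def find_cleartext_binds(conf_text):
    """Return parsed URLs whose bind would cross the network unencrypted."""
    risky = []
    for url, mode in DIRECTIVE.findall(conf_text):
        info = parse_auth_ldap_url(url)
        encrypted = info["scheme"] == "ldaps" or mode.upper() in ("SSL", "TLS", "STARTTLS")
        if not encrypted and info["host"] not in LOOPBACK:
            risky.append(info)
    return risky

# Constructed sample configuration (ldap.example.internal is a hypothetical host)
SAMPLE = '''
<Directory /var/www/ssl/secure>
   AuthLDAPUrl "ldap://localhost:389/ou=people,dc=dev,dc=daxiongmao,dc=eu?uid"
   #AuthLDAPUrl "ldap://commented.example/ou=people,dc=example?uid"
</Directory>
<Location /admin>
   AuthLDAPUrl "ldap://ldap.example.internal/ou=people,dc=example?cn?sub"
</Location>
'''

if __name__ == "__main__":
    for hit in find_cleartext_binds(SAMPLE):
        print("cleartext LDAP bind to %(host)s:%(port)s (base %(base_dn)s, attr %(attribute)s)" % hit)
```
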


  • My co-worker's help: Julien Rialland