HP OSMS Blueprint: Directory Services on HP ProLiant and HP Integrity Servers with RHEL5

• /usr/lib/httpd/modules/mod_ldap.so (on x86 and HP Integrity systems)
• /usr/lib64/httpd/modules/mod_ldap.so (on x86_64 systems)
# rpm -qil httpd | grep mod_authnz_ldap
The following values are returned:
• /usr/lib/httpd/modules/mod_authnz_ldap.so (on x86 and HP Integrity systems)
• /usr/lib64/httpd/modules/mod_authnz_ldap.so (on x86_64 platform)
3. Verify the following lines exist in the /etc/httpd/conf/httpd.conf file:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
Testing LDAP Authentication with the Apache HTTP Server
The Apache document root for RHEL5 is /var/www/html. For this example, assume you need
to restrict access to the directory /var/www/html/ldaptest and also grant access to the
directory for the user tomy with the password tom. For information on adding a user to an LDAP
server, see “Performing Common CDS Server Operations” (page 12).
1. Create an HTML file named /var/www/html/ldaptest/index.html and add the
following lines to it.
<HTML>
<HEAD>
</HEAD>
<BODY DIR="LTR">
<P ALIGN=CENTER STYLE="margin-bottom: 0cm"><FONT FACE="Times New Roman, serif">
<FONT SIZE=6>The LDAP support worked!</FONT></FONT></P>
</BODY>
</HTML>
2. Add the following contents to the file /etc/httpd/conf/httpd.conf :
<Directory "/var/www/html/ldaptest">
    Options Indexes FollowSymLinks
    AllowOverride None
    order allow,deny
    allow from all
    AuthType Basic
    AuthName Internal
    AuthBasicAuthoritative off
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPURL ldap://<LDAP_SERVER_IP_ADDRESS>/dc=osm,dc=example,dc=com?uid??(objectclass=*)
    require valid-user
    AuthLDAPBindDN cn=Manager,dc=example,dc=com
    AuthLDAPBindPassword secret
</Directory>
AuthLDAPBindDN is the rootdn configured in the LDAP server, and AuthLDAPBindPassword
is the password used for simple authentication to the LDAP server.
Both values are set in the /opt/symas/etc/openldap/slapd.conf
file on the LDAP server. See “Installing and Configuring Symas CDS and Apache Modules”
(page 8) for more details about CDS server configuration.
The mod_authnz_ldap documentation for these directives is located at:
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
3. Restart the Apache HTTP server by entering the following command:
# /etc/init.d/httpd restart
4. Launch a browser window and navigate to http://Your_Web_Server_IP/ldaptest/.
5. At the prompt, log in with the user name tomy and the password tom.
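
A static check of the step 2 configuration, added here as an example and not part of the HP blueprint. It parses <Directory> blocks and reports three conditions present in that block: an ldap:// URL with no SSL/TLS mode, a bind DN equal to the directory's rootdn, and Basic authentication without SSLRequireSSL. The function names, the finding labels and the host 192.0.2.10 are assumptions made for the example.

```python
import re
import shlex

# Constructed sample: the step 2 <Directory> block with a placeholder host.
SAMPLE = """\
<Directory "/var/www/html/ldaptest">
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://192.0.2.10/dc=osm,dc=example,dc=com?uid??(objectclass=*)
require valid-user
AuthLDAPBindDN cn=Manager,dc=example,dc=com
AuthLDAPBindPassword secret
</Directory>
"""

def directory_blocks(conf):
    """Map each <Directory> path to {lowercased directive: [argument strings]}."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1), {})
        elif line.lower().startswith("</directory"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, *rest = line.split(None, 1)
            current.setdefault(name.lower(), []).append("".join(rest))
    return blocks

def norm_dn(dn):
    """Comparison key for DNs: ignores case and spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"').lower())

def audit_ldap_auth(conf, rootdn):
    """Return (path, finding) pairs for blocks that use AuthBasicProvider ldap."""
    findings = []
    for path, d in directory_blocks(conf).items():
        if not any("ldap" in a.lower().split() for a in d.get("authbasicprovider", [])):
            continue
        for arg in d.get("authldapurl", []):
            parts = shlex.split(arg)  # URL, then optional NONE|SSL|TLS|STARTTLS
            mode = parts[1].upper() if len(parts) > 1 else "NONE"
            if parts and parts[0].lower().startswith("ldap://") and mode == "NONE":
                findings.append((path, "cleartext-ldap"))  # binds cross the wire unencrypted
        if any(norm_dn(b) == norm_dn(rootdn) for b in d.get("authldapbinddn", [])):
            findings.append((path, "binds-as-rootdn"))  # admin password sits in httpd.conf
        basic = any(a.lower() == "basic" for a in d.get("authtype", []))
        if basic and "sslrequiressl" not in d:
            findings.append((path, "basic-auth-without-sslrequiressl"))
    return findings
```

The check reads only directives inside each <Directory> block, so a server-wide LDAPTrustedMode setting is not taken into account.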