[IMPORTANT] Please note that this site will be disabled on October 31. In it's place, the new JumpCloud Help Center is live! Check it out here!

Support Center

Configuring Apache authnz_ldap_module to use JumpCloud's LDAP-as-a-Service

See Using JumpCloud's LDAP-as-a-Service to obtain the JumpCloud specific settings required below.

This process was qualified on 01/25/2017 with Ubuntu 16.04 and Server version: Apache/2.4.18 (Ubuntu).  The scope of this article provides proof of concept for basic LDAP authentication only. For additional items like enabling SSL, group authentication, etc... Please see the Apache documentation.
  1. Enable the module
    # a2enmod ldap authnz_ldap 
    Enabling module ldap.
    Considering dependency ldap for authnz_ldap:
    Module ldap already enabled
    Enabling module authnz_ldap.
    To activate the new configuration, you need to run:
      service apache2 restart
  2. Create a new site configuration in /etc/apache2/sites-available/ldap.conf
    <Directory /var/www/html/ldap>    
        AuthName "LDAP Auth Test"
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPBindDN uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com
        AuthLDAPURL ldap://ldap.jumpcloud.com:389/ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com STARTTLS
    #Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials.
        AuthLDAPBindAuthoritative off
        Require valid-user
  3. Create the site directory and enable the site
    # mkdir /var/www/html/ldap 
    # a2ensite ldap 
    Enabling site ldap.
    To activate the new configuration, you need to run:
      service apache2 reload
    # service apache2 reload
  4. Create a test page and check for required authentication by visiting the page
    echo "Hello World" > /var/www/html/ldap/index.html

Last Updated: Sep 13, 2018 01:33PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found