Hi Per,could you define “working configuration” requirements and what’s iPad specific?Anyway, below is my setup with Centos Apache to authenticate against IPA via LDAP using either username (uid) or e-mail. No Kerberos or GSSAPI used, just “pure” LDAP.Please note, IPA group “shareusers” membership is required. IPA host is im.example.comWith kind regards,
IvarsFile /etc/httpd/access/ldap.confAuthName "File service login"# AuthBasicProviders are defined in ../conf.d/00-ldap.confAuthBasicProvider ldap-uid ldap-mailAuthType Basic# Even if AuthLDAPURL is defined in AuthnProviderAlias in ../conf.d/00-ldap.conf and processed earlier# these directives are mandatory to authorize after authenticationAuthLDAPInitialBindAsUser OnAuthLDAPSearchAsUser OnAuthLDAPCompareAsUser OnFile /etc/httpd/conf.d/00-ldap.confLDAPTrustedGlobalCert CA_BASE64 /etc/ipa/ca.crt# AuthnProviderAlias must be defined here, it cannot be in VirtualHost# because ../access/ldap.conf is VirtualHost level# ldap-mail is tried last (after ldap-uid)<AuthnProviderAlias ldap ldap-mail># this one (last) must be authoritative# AuthLDAPBindAuthoritative offAuthLDAPInitialBindAsUser OnAuthLDAPSearchAsUser OnAuthLDAPCompareAsUser OnAuthLDAPInitialBindPattern (.+)\@(.+) uid=$1,cn=users,cn=accounts,dc=example,dc=com</AuthnProviderAlias># ldap-uid is tried first<AuthnProviderAlias ldap ldap-uid># first one is NOT authoritativeAuthLDAPBindAuthoritative offAuthLDAPInitialBindAsUser OnAuthLDAPSearchAsUser OnAuthLDAPCompareAsUser OnAuthLDAPInitialBindPattern (.+) uid=$1,cn=users,cn=accounts,dc=example,dc=com</AuthnProviderAlias>On 2017. gada 8. aug., at 15:11, Per Qvindesland via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:Hi All
Does anyone have any working mod_ldap configuration for Centos 7 with apache 2.4.6 with iPad to share?
Regards
Per
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org