Apache LDAP with Foxpass

Using Foxpass LDAP for authentication with mod_ldap and mod_authnz_ldap

This example is for Ubuntu 14.04. Your mileage may vary.

1. Install Apache and needed modules

$ sudo apt-get install apache2
$ sudo a2enmod ldap
$ sudo a2enmod authnz_ldap
$ sudo service apache2 restart

2. Create the binder accounts on Foxpass

Create them on this page. Note the passwords; you'll need them again.

Here's an example binder account: cn=logs,dc=example,dc=com

3. Set up Apache

Replace dc=example,dc=com and the binder DN cn=logs,dc=example,dc=com with the appropriate values for your domain and setup.

# Apache .conf files to expose a directory protected by Foxpass
Listen 8888

<VirtualHost *:8888>

        Alias /logs /home/user/logs

        <Directory /home/user/logs>
                Options +Indexes
                AuthType Basic
                AuthBasicProvider ldap
                AuthName "Foxpass"
                AuthLDAPBindDN cn=logs,dc=example,dc=com
                AuthLDAPBindPassword <BINDER PASSWORD>
                AuthLDAPURL ldaps://ldap.foxpass.com/dc=example,dc=com?uid
                require valid-user
        </Directory>

</VirtualHost>

4. Apache setup for Graphite (or similar website)

Replace dc=example,dc=com and the binder DN cn=graphite,dc=example,dc=com with the appropriate values for your domain and setup.

Listen 8888

<VirtualHost *:8888>

        <Location "/">
                AuthType Basic
                AuthBasicProvider ldap
                AuthName "Foxpass"
                AuthLDAPBindDN cn=graphite,dc=example,dc=com
                AuthLDAPBindPassword <BINDER PASSWORD>
                AuthLDAPURL ldaps://ldap.foxpass.com/dc=example,dc=com?uid
                require valid-user
        </Location>

        WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite
        WSGIProcessGroup _graphite
        WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}
        WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi

        Alias /content/ /usr/share/graphite-web/static/
        <Location "/content/">
                SetHandler None
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined
</VirtualHost>
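Before restarting Apache with either of the blocks above, it is worth checking that the LDAP auth directives were actually filled in: that the placeholder password is gone, that the URL still uses ldaps:// (otherwise every user's password and the binder password cross the network in clear) and that a Require line is present. The checker below is an added example, not code from this page or from Foxpass; the sample config and the password value in it are constructed.

```python
import re

# Constructed sample: the page's /logs block with two common mistakes
# introduced on purpose (plain ldap:// and the placeholder left in place).
WEAK_CONF = """\
<Directory /home/user/logs>
        Options +Indexes
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Foxpass"
        AuthLDAPBindDN cn=logs,dc=example,dc=com
        AuthLDAPBindPassword <BINDER PASSWORD>
        AuthLDAPURL ldap://ldap.foxpass.com/dc=example,dc=com?uid
        require valid-user
</Directory>
"""

# The same block as it should look once filled in (password is made up).
GOOD_CONF = WEAK_CONF.replace("ldap://", "ldaps://").replace(
    "<BINDER PASSWORD>", "s3cret-binder-pw")


def parse_directives(conf):
    """Yield (name, value) for each directive line. Names are lowercased
    because Apache directive names are case-insensitive ('require' is fine).
    Blank lines, comments and <...> container lines are skipped."""
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        name, _, value = line.partition(" ")
        yield name.lower(), value.strip()


def lint_ldap_auth(conf):
    """Return a list of findings for one Directory/Location block; [] is clean."""
    d = dict(parse_directives(conf))  # a repeated directive: last one wins
    findings = []
    if "ldap" not in d.get("authbasicprovider", "").lower().split():
        findings.append("AuthBasicProvider does not include ldap")
    url = d.get("authldapurl", "")
    if not url:
        findings.append("AuthLDAPURL missing")
    elif not url.lower().startswith("ldaps://"):
        findings.append("AuthLDAPURL is not ldaps://: passwords would be sent in clear")
    pw = d.get("authldapbindpassword")
    if "authldapbinddn" in d and pw is None:
        findings.append("AuthLDAPBindDN set but AuthLDAPBindPassword missing")
    elif pw is not None and re.fullmatch(r"<[^>]*>", pw):
        findings.append("AuthLDAPBindPassword still holds the placeholder " + pw)
    if "require" not in d:
        findings.append("no Require directive: nothing restricts access")
    return findings
```

Run `lint_ldap_auth()` over the `<Directory>` or `<Location>` block you edited; an empty list means the three checks passed, and each string returned names the directive to fix.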