mod_auth_ldap or mod_auth_ldap?

There are (at least) two Apache 2.0 modules that allow ldap authentication against ldap. This is of course not unusual. It is unusual that they have the same name. It would have saved me a lot of time if I’d read a post like this one before attempting to configure Apache’s mod_auth_ldap from an example that used Muhammad Muquit’s mod_auth_ldap.

Redhat AS4 and FC5 ship with Apache’s mod_auth_ldap.

Muhammad’s mod_auth_ldap seems to provide a few more options, notably ldap debugging.

Details here:

The syntax is different. The basic functionality is the same. Muhammad’s module seems a little more configurable. They both work fine. Here are examples of each:

Muhammad’s mod_auth_ldap:



    # ...
    AuthType Basic
    LDAP_Debug On
    LDAP_Port 389
    Base_DN "dc=morganjones,dc=org"
    LDAP_Protocol_Version 3
    LDAP_Server ldap.morganjones.org
    LDAP_Port 389
    # I have not tried require valid-user with Muhammad's mod_auth_ldap but
    # I surmise it will work.
    # I have seen require user work like this:
    # require user user1 user2 user3
    require valid-user

Apache’s mod_auth_ldap:



    # ...
    AuthLDAPURL ldap://ldap.morganjones.org/dc=morganjones,dc=org
    Require valid-user

This entry was posted in Directory/LDAP, Web on by .

About morgan

Morgan is a freelance IT consultant living in Philadelphia. He lives with his girlfriend in an old house in Fishtown that they may never finish renovating. His focus is enterprise Messaging (think email) and Directory. Many of his customers are education, school districts and Universities. He also gets involved with most aspects of enterprise Linux and UNIX (mostly Solaris) administration, Perl, hopefully Ruby, PHP, some Java and C programming. He holds a romantic attachment to software development though he spends most of his time making software work rather than making software. He rides motorcycles both on and off the track, reads literature with vague thoughts of giving up IT to teach English literature.

Leave a Reply

Your email address will not be published. Required fields are marked *