LDAP Authentication for IPPlan (Apache, Linux)

As you may have read, I’m testing an IP management tool called IPPlan. Since I’m not the only one at our company who needs access to IPPlan, and I wasn’t planning on doing a lot of user management, I tried to connect IPPlan to our Active Directory (LDAP) environment. It took me a while to figure out, maybe because of the lack of “good” documentation or of experience on my part. It doesn’t matter, because it is working now. This is what I did to get it working.

Go to the subdirectory “user” in the “ipplan” directory (the full path here is “/var/www/ipplan/user”) and create a file named “.htaccess”. Put the following in the file.

AuthType Basic
AuthName "IP Plan LDAP Authentication"
AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver:389/ou=accounts,dc=robmaas,dc=eu?cn
AuthLDAPRemoteUserIsDN off
Require valid-user

The “ldapserver” is just the IP address or DNS name of your LDAP (AD) server. After the URL you can use a standard LDAP query (don’t forget to replace the domain name). If your LDAP server needs authentication, like mine does, you need to add the following two directives.

AuthLDAPBindDN "ldap@robmaas.eu"
AuthLDAPBindPassword "secret"

Make sure your Apache configuration allows “.htaccess” files to be included. This can be done by setting “AllowOverride” to All, like this.

AllowOverride All

Don’t forget this; it took me about 2 hours before I got it. Also don’t forget to enable the LDAP module in Apache.

a2enmod authnz_ldap

After this we need to edit “config.php”, find the following line:

define("AUTH_INTERNAL", TRUE);

and change it to:

define("AUTH_INTERNAL", FALSE);

The last change I had to make was changing this line:

define("AUTH_VAR", 'PHP_AUTH_USER');

into

define("AUTH_VAR", 'REMOTE_USER');

That’s it; after restarting the Apache (httpd) service, it should all work. Don’t forget: the authentication is done through LDAP, but you still have to create the users in IPPlan.

Sidenote: If the web page is served over HTTP, usernames and passwords are sent in plain text to the web server. In that case you should think about migrating to HTTPS.
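
A quick audit of the resulting “.htaccess”, as an added example that is not part of the original post: the function name audit_htaccess and its messages are made up here. Its checks go slightly beyond the steps above: required directives, typographic quotes pasted from a web page, an ldap:// URL without a TLS mode, and a bind password in a world-readable file.

```shell
#!/bin/sh
# Added example, not from the original post. audit_htaccess is a made-up name.
# Prints one finding per line; returns 0 when the file is clean, 1 otherwise.
# The body runs in a subshell "( ... )" so its variables stay private.
audit_htaccess() (
    f=$1
    out=""
    nl='
'
    # The directives the walkthrough relies on (names are case-insensitive).
    for d in AuthType AuthBasicProvider AuthLDAPURL Require; do
        grep -Eqi "^[[:space:]]*${d}[[:space:]]" "$f" ||
            out="${out}missing directive: ${d}${nl}"
    done
    # Typographic quotes pasted from a web page are not quotes to Apache.
    if grep -qF -e '“' -e '”' -e '‘' -e '’' "$f"; then
        out="${out}typographic quotes: replace with plain ASCII quotes${nl}"
    fi
    # ldap:// with no TLS/STARTTLS mode on the AuthLDAPURL line sends the bind
    # password and every user's password to the directory unencrypted
    # (assumes LDAPTrustedMode is not set elsewhere in the server config).
    if awk 'tolower($1) == "authldapurl" && tolower($0) ~ /ldap:\/\// &&
            toupper($NF) !~ /^(TLS|STARTTLS)$/ { bad = 1 }
            END { exit !bad }' "$f"; then
        out="${out}cleartext LDAP: use ldaps:// or a TLS mode${nl}"
    fi
    # The bind password sits in the file in the clear, so other local
    # accounts must not be able to read it.
    if grep -Eqi '^[[:space:]]*AuthLDAPBindPassword[[:space:]]' "$f" &&
        [ -n "$(find "$f" -perm -004)" ]; then
        out="${out}bind password in world-readable file: chmod o-r${nl}"
    fi
    printf '%s' "$out"
    [ -z "$out" ]
)
```

Source the file and run `audit_htaccess /var/www/ipplan/user/.htaccess`; a file that needs the bind password should stay readable by the account Apache runs as, but not by everyone.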

Rob Maas
Technical Challanger at ON2IT

If it is broken, fix it! If it ain’t broken, make it better!
