Skip to content

LDAP group support for lighttpd

I wrote a patch a while back, for lighttpd to support group-authentication. I’m just importing the entries from my old site, into this new one.

The way I use it, is by storing a groupOfNames-object in directory, which includes the DN’s I want to give access to. Here is an example object:

dn: cn=apacheadmins,ou=groups,dc=danielbond,dc=org
cn: apacheadmins
objectClass: groupOfNames
member: uid=danielb,ou=admins,ou=people,dc=danielbond,dc=org
member: uid=agent007,ou=outsourced,ou=people,dc=danielbond,dc=org

Then in my lighttpd configuration, I would include this group, in the list of allowed contexts:

auth.require = {
  ”/” => {
    ”method” => “basic”,
    ”realm” => “MI6 Agent login”,
    ”require” => “group=cn=apacheadmins,ou=groups,dc=danielbond,dc=org|user=coolguy|cn=awesome people,ou=groups,dc=danielbond,dc=org”
  } 
}

 The patch can be downloaded here: lighttpd-http_auth.c-ldap_group.diff.

Posted in Linux related, Unix related.

By Daniel Bond
May 18, 2009

No comments

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Some HTML is OK

(required)

(required, but never shared)

or, reply to this post via trackback.