How to set up eDirectory Authentication for Apache on a Linux based OES server.

  • 3129578
  • 24-Oct-2006
  • 26-Apr-2012

Environment

Novell Open Enterprise Server (Linux based)

Situation

You have documents or a location on Apache that requires restricted access. You want this restriction to be enforced by requiring eDirectory authentication and forcing the authentication to be done over https.

Resolution

This solution can be used on individual directories, URLs, or on the entire Apache server itself. It really depends on how you want to lock down your Apache server. For this example we will only be creating a single secure location so that any document referenced under that URL will require authentication. For example, anyone who hits www.mycompany.com will have public access, but anyone who tries to access www.mycompany.com/secure, or a document under that URL, will be required to authenticate. Authentication should be done over a secure connection (https) rather than a non-secure connection (http), which is why this solution also covers redirecting all http attempts to https for that location.

  1. First we want to make sure that the rewrite module is enabled. To do this we will need to go into YaST, Network Services, and choose HTTP Server. Select Modules and click Edit. Find the rewrite module, select it, and click on the Toggle Status button to enable it. Then click OK and Finish.

    Note: Do not add the load module statement directly to the /etc/apache2/sysconfig.d/loadmodule.conf file because your changes will be lost once the Apache server has been restarted.

  2. Next we are going to create a new file under the /etc/apache2/conf.d directory called secure.conf. We don't need to add an include statement for this because Apache already has a directive to load any .conf file under this directory.

  3. Determine the location for your secure information. If you already have an existing directory that you would like to secure, then you need to determine whether or not it exists under the DocumentRoot (default is /srv/www/htdocs). If it is not a subdirectory of the DocumentRoot, then you will need to create an alias to that directory. In this example the secure directory is not going to reside under the DocumentRoot, but rather at the same level as the DocumentRoot, so an alias will need to be created. Add the following line to the secure.conf file.

    Alias /secure "/srv/www/secure"

  4. You will also need to verify that the wwwrun user has the appropriate rights to access that directory. If this is an NSS volume then the rights will need to be assigned through eDirectory rather than the local Linux file system, which is outlined in TID # 3344085. Since the directory /secure was created under /srv/www and it is a local Linux file system, we will need to change the owner and/or group on the directory to the Apache user and group.

    chown -R wwwrun:www /srv/www/secure

  5. The next couple of lines that we will be adding to the secure.conf file will intercept all http requests to the /secure alias and redirect them to https. This ensures that the authentication is sent over an encrypted session.

    RewriteEngine On
    # Only rewrite plain-http requests; without this guard the rule would loop if it were ever
    # evaluated inside the SSL virtual host as well.
    RewriteCond %{HTTPS} off
    RewriteRule ^/secure https://%{SERVER_NAME}/secure [L,R]

  6. Now we need to add the option for LDAP authentication. We can place this under the rewrite directives that were added in step 5, making sure that the www.mycompany.com portion of the AuthLDAPURL is replaced with the IP address or DNS name of your eDirectory/LDAP server.

    <Directory "/srv/www/secure">
        Options Indexes MultiViews
        AllowOverride None
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthName "Protected"
        require valid-user
        AuthLDAPAuthoritative On
        AuthLDAPURL ldaps://www.mycompany.com/o=corp?uid?sub
    </Directory>

  7. Now stop and start Apache (from within a terminal) to make sure that there are no errors.

    su
    rcapache2 stop
    rcapache2 start

  8. After verifying that Apache is able to start, go to http://www.mycompany.com/secure and verify that you are redirected to https, that you are prompted to authenticate, and that you are able to authenticate against the /secure alias.
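The checks in step 8 can be scripted so they are repeatable after every Apache restart. The script below is an added example, not part of this TID; it assumes curl is installed and that HOST names your OES server (www.mycompany.com is the placeholder used above). It confirms that plain http never serves anything under /secure but redirects to https, and that the https side refuses anonymous access with a Basic challenge for the "Protected" realm.

```shell
#!/bin/sh
# Added post-deployment check for the /secure alias; not part of the original TID.
# Assumes curl is available and HOST is the server's DNS name (placeholder below).
# Run the live check with:  sh check_secure.sh live

HOST="${HOST:-www.mycompany.com}"

# expect_redirect HEADERS
# Succeeds only if the plain-http reply is a 301/302 whose Location is an https URL,
# i.e. the RewriteRule fires before any document under /secure is served in clear.
expect_redirect() {
  printf '%s\n' "$1" | grep -qiE '^HTTP/[0-9.]+ 30[12]' || return 1
  printf '%s\n' "$1" | grep -qiE '^Location: https://' || return 1
}

# expect_auth_challenge HEADERS
# Succeeds only if the https reply is a 401 carrying the Basic challenge for the
# "Protected" realm, i.e. anonymous access is refused and the browser is asked
# for eDirectory credentials over TLS.
expect_auth_challenge() {
  printf '%s\n' "$1" | grep -qiE '^HTTP/[0-9.]+ 401' || return 1
  printf '%s\n' "$1" | grep -qiE '^WWW-Authenticate: Basic realm="Protected"' || return 1
}

# check_live: fetch headers from the real server and run both checks.
# -I asks for headers only; -k skips certificate validation, which is acceptable
# for a first test against a self-signed OES certificate but not for final sign-off.
check_live() {
  http_hdrs=$(curl -sI "http://$HOST/secure/")
  https_hdrs=$(curl -skI "https://$HOST/secure/")
  status=0
  if expect_redirect "$http_hdrs"; then
    echo "OK   http://$HOST/secure redirects to https"
  else
    echo "FAIL http://$HOST/secure does not redirect to https"; status=1
  fi
  if expect_auth_challenge "$https_hdrs"; then
    echo "OK   https://$HOST/secure challenges for credentials"
  else
    echo "FAIL https://$HOST/secure was served without an auth challenge"; status=1
  fi
  return $status
}

case "${1:-}" in
  live) check_live ;;
esac
```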