February 24, 2008

.htaccess - Authentication from File and LDAP or other sources at the same time

Sometimes you may need to authenticate a user against different credentials stores, like standard files (.htpasswd), databases, ldap, ...
With Apache, you can use these more authentication sources by defining them in the AuthBasicProvider property.

The configuration bellow will authenticate a user first against a file (.htpasswd) and then against an LDAP accounts.

AuthName 'Enter your Username and Password:'
AuthType Basic

# Authenticate against file and then against ldap
AuthBasicProvider file ldap

# auth file
AuthUserFile /var/www/.htpasswd

# LDAP auth fallback to other auth mechanisms
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://10.0.0.1:6361/ou=web,dc=top?cn?sub?(objectClass=*)

# File auth
Require valid-user
# LDAP auth
Require ldap-attribute objectClass=simpleSecurityObject

You can use it in your Apache's configuration and in the .htaccess as well.