On my CentOS 6.3 install, all of the necessary LDAP authentication modules were already installed and running. I just needed to define the LDAP connection attributes as well as the users I want to be able to authenticate.
I am using LDAPS on port 636 for my authentications so no credentials are going over the network in cleartext. The first step to configure this is to create a key pair to use to connect to the Domain Controller over SSL. I am storing my certificates in /etc/httpd/certificate, but you can store them wherever you like.
- openssl genrsa 2048 > ldap.key
- openssl req -new -x509 -nodes -sha1 -days 1825 -key ldap.key > ldap.cer
Once the certificates are created, we need to configure Apache.
- nano /etc/httpd/conf/httpd.conf
- LDAPVerifyServerCert off
- LDAPTrustedMode SSL
- LDAPTrustedGlobalCert CERT_DER /etc/httpd/certificate/ldap.cer
- LDAPTrustedGlobalCert KEY_DER /etc/httpd/certificate/ldap.key
AuthName "Login, Please"
Require ldap-user admin1 admin2 admin3
Once you’ve saved those changes, you can restart Apache and test that LDAP Auth is working. Mine worked, but gave me an HTTP 500 error. I set logging in httpd.conf to debug, and tried to authenticate again. That gave me the error message:
[Fri Jan 04 10:48:37 2013] [info] [client x.x.x.x]  auth_ldap authenticate: user myuser authentication failed; URI /viewvc [ldap_search_ext_s() for user failed][Operations error]
Googling the error led me to an issue with the way that the Red Hat Apache package is handling authentication referrals. The fix was to edit /etc/openldap/ldap.conf and add the line:
Once I did that, I was able to successfully authenticate and get into ViewVC.
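An added example, not part of the original post: a small Python audit of the mod_ldap directives shown above. It flags that LDAPVerifyServerCert off leaves the Domain Controller's certificate unchecked (the LDAPS session is encrypted, but the server's identity is not verified), that no CA_* entry exists to verify against, and that openssl writes PEM by default while CERT_DER/KEY_DER declare DER. The sample config, the file contents, the hardened CA path used to compare, and the names audit_mod_ldap and files are assumptions made for illustration.

```python
# Constructed sample: the four mod_ldap directives shown in this post.
SAMPLE_CONF = """\
LDAPVerifyServerCert off
LDAPTrustedMode SSL
LDAPTrustedGlobalCert CERT_DER /etc/httpd/certificate/ldap.cer
LDAPTrustedGlobalCert KEY_DER /etc/httpd/certificate/ldap.key
"""
# Constructed file headers: openssl genrsa/req emit PEM unless -outform DER is used.
SAMPLE_FILES = {
    "/etc/httpd/certificate/ldap.cer": b"-----BEGIN CERTIFICATE-----\n",
    "/etc/httpd/certificate/ldap.key": b"-----BEGIN RSA PRIVATE KEY-----\n",
}


def directives(conf_text):
    """Yield (lowercased name, [args]) for each non-comment directive line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            yield name.lower(), args


def audit_mod_ldap(conf_text, files):
    """Return (check_id, message) findings for mod_ldap TLS settings.

    `files` maps path -> leading bytes of that file (hypothetical input, so
    the audit runs without touching the real filesystem).
    """
    found, ds = [], list(directives(conf_text))
    verify = [a[0].lower() for n, a in ds if n == "ldapverifyservercert" and a]
    if verify and verify[-1] == "off":
        found.append(("no-server-verify",
                      "server certificate is not checked; a host in the path "
                      "can impersonate the LDAP server"))
    certs = [a for n, a in ds if n == "ldaptrustedglobalcert" and len(a) >= 2]
    if not any(a[0].upper().startswith("CA_") for a in certs):
        found.append(("no-ca", "no CA_* entry to verify the server against"))
    for ctype, path, *_ in certs:
        if ctype.upper().endswith("_DER") and files.get(path, b"").startswith(b"-----BEGIN"):
            found.append(("encoding-mismatch", f"{path} is PEM but declared {ctype}"))
    return found


if __name__ == "__main__":
    for check_id, message in audit_mod_ldap(SAMPLE_CONF, SAMPLE_FILES):
        print(f"{check_id}: {message}")
```

A configuration that sets LDAPVerifyServerCert on and supplies the issuing CA through a CA_BASE64 entry produces no findings from this audit.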
These links were helpful to me in figuring all of this out: