Add LDAP Authentication¶

The following prerequisites need to be satisfied:

  • An LDAP server, e.g.,
  • NSS configured on the OnDemand Server to look up users via LDAP
  • The mod_authnz_ldap Apache module installed

Then you can modify your ood-portal-generator configuration file as such:

# /etc/ood/config/ood_portal.yml

  - "AuthType Basic"
  - "AuthName \"private\""
  - "AuthBasicProvider ldap"
  - "AuthLDAPURL \"ldaps://,ou=hpc\""
  - "RequestHeader unset Authorization"
  - "Require valid-user"

Where the RequestHeader setting is used to strip private session information from being sent to the backend web servers.

Each array item is treated as a line in the Apache configuration file. You can add more Apache LDAP directives as separate array items.

Build the Apache configuration file and install it.