11. Add LDAP Support
(Optional, but recommended)
LDAP support allows your users to log in using their local username and
password. It also removes the need for the sys admin to keep updating the
.htpasswd file.
Requirements:
- an LDAP server preferably with SSL support (openldap1.infra.osc.edu:636)
Install the necessary Apache module to use LDAP:
sudo yum install httpd24-mod_ldap.x86_64
Update the Apache config with LDAP Basic Authentication support. This requires modifying the configuration file for the ood-portal-generator.
cd ~/ood/src/ood-portal-generator
Configuration is handled by editing the config.yml as such:

---
auth:
  - 'AuthType Basic'
  - 'AuthName "private"'
  - 'AuthBasicProvider ldap'
  - 'AuthLDAPURL "ldaps://openldap1.infra.osc.edu:636/ou=People,ou=hpc,o=osc?uid" SSL'
  - 'AuthLDAPGroupAttribute memberUid'
  - 'AuthLDAPGroupAttributeIsDN off'
  - 'RequestHeader unset Authorization'
  - 'Require valid-user'
Note
For documentation on LDAP directives please see: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html
Re-build the Apache config:
scl enable rh-ruby22 -- rake
Copy it over to the default location:
sudo scl enable rh-ruby22 -- rake install
Restart the Apache server:
sudo service httpd24-httpd restart
Warning
If using RHEL 7 you will need to replace the above command with:
sudo systemctl restart httpd24-httpd
Close your browser so that you are properly logged out. Then open your browser again and access the portal. You should now be able to authenticate with your local username and password.
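Before re-building the Apache config, the auth list in config.yml can be checked for the settings that protect the Basic Authentication password: an encrypted LDAP connection, removal of the Authorization header, and a Require directive. The following is an added example, not part of ood-portal-generator; lint_auth is a hypothetical helper and ldap.example.org is a constructed host.

```ruby
require 'yaml'

# Constructed sample: a weakened variant of the page's auth list (plain
# ldap:// with no TLS mode, no 'RequestHeader unset Authorization').
WEAK_CONFIG = <<~'YAML'
  ---
  auth:
    - 'AuthType Basic'
    - 'AuthBasicProvider ldap'
    - 'AuthLDAPURL "ldap://ldap.example.org:389/ou=People,dc=example,dc=org?uid"'
    - 'Require valid-user'
YAML

# Subset of the auth list given on this page (the lines the checks look at).
PAGE_CONFIG = <<~'YAML'
  ---
  auth:
    - 'AuthType Basic'
    - 'AuthBasicProvider ldap'
    - 'AuthLDAPURL "ldaps://openldap1.infra.osc.edu:636/ou=People,ou=hpc,o=osc?uid" SSL'
    - 'RequestHeader unset Authorization'
    - 'Require valid-user'
YAML

# lint_auth is a hypothetical helper, not part of ood-portal-generator.
# It returns a list of findings for the 'auth' directives in config.yml.
def lint_auth(yaml_text)
  directives = Array((YAML.safe_load(yaml_text) || {})['auth']).map { |d| d.to_s.strip }
  findings = []
  url_line = directives.find { |d| d =~ /\AAuthLDAPURL\s/i }
  if url_line.nil?
    findings << 'no AuthLDAPURL directive'
  else
    # Syntax: AuthLDAPURL "<url>" [NONE|SSL|TLS|STARTTLS]
    m = url_line.match(/\AAuthLDAPURL\s+"?([^"\s]+)"?\s*(\S*)/i)
    url, mode = m ? m.captures : ['', '']
    encrypted = url.downcase.start_with?('ldaps://') ||
                %w[SSL TLS STARTTLS].include?(mode.upcase)
    findings << 'LDAP connection is not encrypted (use ldaps:// or STARTTLS)' unless encrypted
  end
  unless directives.any? { |d| d =~ /\ARequestHeader\s+unset\s+Authorization\b/i }
    findings << 'Authorization header is not unset after authentication'
  end
  findings << 'no Require directive, so authentication is not enforced' if directives.none? { |d| d =~ /\ARequire\s/i }
  findings
end

puts lint_auth(WEAK_CONFIG)
```

To check a real file, pass its contents instead of the sample, for example lint_auth(File.read('config.yml')).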