11. Add LDAP Support

(Optional, but recommended)

LDAP support lets your users log in with their local username and password. It also removes the need for the system administrator to keep updating the .htpasswd file.

Requirements:

  • an LDAP server, preferably with SSL support (openldap1.infra.osc.edu:636)

  1. Install the necessary Apache module to use LDAP:

    sudo yum install httpd24-mod_ldap.x86_64
    
  2. Update the Apache config with LDAP Basic Authentication support. This requires modifying the configuration file for the ood-portal-generator.

    cd ~/ood/src/ood-portal-generator
    
  3. Configure LDAP by editing config.yml as follows:

    ---
    
    auth:
      - 'AuthType Basic'
      - 'AuthName "private"'
      - 'AuthBasicProvider ldap'
      - 'AuthLDAPURL "ldaps://openldap1.infra.osc.edu:636/ou=People,ou=hpc,o=osc?uid" SSL'
      - 'AuthLDAPGroupAttribute memberUid'
      - 'AuthLDAPGroupAttributeIsDN off'
      - 'RequestHeader unset Authorization'
      - 'Require valid-user'
    

    Note

    For documentation on LDAP directives please see: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html

  4. Re-build the Apache config:

    scl enable rh-ruby22 -- rake
    
  5. Copy it over to the default location:

    sudo scl enable rh-ruby22 -- rake install
    
  6. Restart the Apache server:

    sudo service httpd24-httpd restart
    

    Warning

    If using RHEL 7 you will need to replace the above command with:

    sudo systemctl restart httpd24-httpd
    

Close your browser so that you are properly logged out. Then open your browser again and access the portal. You should now be able to authenticate with your local username and password.
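A pre-flight check for the auth block from step 3, given here as an added example (it is not part of ood-portal-generator): it flags an AuthLDAPURL that would reach the directory without SSL/TLS, a missing `RequestHeader unset Authorization` (the directive that removes the Basic credentials from the request once Apache has authenticated it), and a missing `Require`. The names `lint_ldap_auth`, `page_config` and `weak_config` are hypothetical, and the weak variant is constructed for illustration.

```shell
#!/bin/sh
# Lint the `auth:` directives of ood-portal-generator's config.yml (stdin).
# Prints one FINDING line per problem; returns 0 only when there are none.
lint_ldap_auth() (
  seen_unset=0 seen_require=0 findings=0
  report() { echo "FINDING: $1"; findings=$((findings + 1)); }
  while IFS= read -r line; do
    # Reduce "  - 'Directive args'" to "Directive args".
    line=$(printf '%s\n' "$line" |
      sed -e 's/^[[:space:]]*-[[:space:]]*//' -e "s/^'//" -e "s/'[[:space:]]*$//")
    case $line in
      'AuthLDAPURL '*)
        # Split off the URL and the optional mode (NONE|SSL|TLS|STARTTLS).
        url=$(printf '%s\n' "$line" | sed -E 's/^AuthLDAPURL +("([^"]*)"|([^" ]+)).*$/\2\3/')
        mode=$(printf '%s\n' "$line" | sed -E 's/^AuthLDAPURL +("[^"]*"|[^" ]+) *//' |
          tr '[:lower:]' '[:upper:]')
        case $mode in
          NONE) report "AuthLDAPURL mode NONE asks for an unencrypted LDAP connection" ;;
          '') case $url in
                ldaps://*) ;;
                *) report "AuthLDAPURL is not ldaps:// and sets no SSL/TLS/STARTTLS mode" ;;
              esac ;;
        esac ;;
      'RequestHeader unset Authorization') seen_unset=1 ;;
      'Require '*) seen_require=1 ;;
    esac
  done
  [ "$seen_unset" -eq 1 ] || report "Authorization header is not unset after authentication"
  [ "$seen_require" -eq 1 ] || report "no Require directive found"
  [ "$findings" -eq 0 ]
)

# The auth block from step 3 of this page.
page_config() { cat <<'EOF'
auth:
  - 'AuthType Basic'
  - 'AuthName "private"'
  - 'AuthBasicProvider ldap'
  - 'AuthLDAPURL "ldaps://openldap1.infra.osc.edu:636/ou=People,ou=hpc,o=osc?uid" SSL'
  - 'AuthLDAPGroupAttribute memberUid'
  - 'AuthLDAPGroupAttributeIsDN off'
  - 'RequestHeader unset Authorization'
  - 'Require valid-user'
EOF
}
# Constructed weak variant: plain ldap://, no mode, header not unset.
weak_config() { page_config | sed -e 's#ldaps://\([^:/]*\):636#ldap://\1#' -e 's/" SSL/"/' -e '/RequestHeader/d'; }
page_config | lint_ldap_auth && echo "page config: no findings"
weak_config | lint_ldap_auth || echo "weak config: see findings above"
```

To check your own file before rebuilding in step 4, run `lint_ldap_auth < config.yml`; lines other than the directives it knows are ignored.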