LDAP Authentication for IPPlan (Apache / Linux)

As you may have read, I’m testing with an IP management tool, called IPPlan.
Since I’m not the only one at our company, that need access to IPPlan and I wasn’t planning in doing a lot of user management, I did a try to connect IPPlan to our Active Directory (LDAP) environment.

It took me a while to figure it out, maybe cause the lack of “good” documentation or my experience. It doesn’t matter, because it is working now. This is what I did to get it working.

Go to the subdirectory “user” in the “ipplan” directory, the full path (here) is: “/var/www/ipplan/user” and create a file with the name “.htacces”. Edit the file with the following information.

AuthType basic
AuthName “IP Plan LDAP Authentication”
AuthBasicProvider ldap
AuthLDAPURL ldap://ldapserver:389/ou=accounts,dc=robmaas,dc=eu?cn
AuthLDAPRemoteUserIsDN off
require valid-user

The “ldapserver” is just the IP or DNS name of your LDAP(AD) server. After the URL you can use a standard LDAP query (don’t forget to replace the domain name).

If your LDAP server needs authentication like mine does, you need to add the following two variables.

AuthLDAPBindDN “ldap@robmaas.eu”
AuthLDAPBindPassword “secret”

Make sure, your Apache configuration does support the including of “.htaccess” files. This can be done by setting the “AllowOverride” to All, like this.

AllowOverride All

Don’t forget this; it took me about 2 hours, before I got it.
Also don’t forget to include the LDAP module in to Apache.

a2enmod authnz_ldap

After this we need to edit “config.php”, find the following line:

define(“AUTH_INTERNAL”, TRUE);

and change it to:

define(“AUTH_INTERNAL”, FALSE);

The last change I had to make, was changing this line:

define(“AUTH_VAR”), ‘PHP_AUTH_USER’);

into

define(“AUTH_VAR”), ‘REMOTE_USER’);

That’s it, after restarting the Apache (httpd) service, it should all work.

Don’t forget, the authentication is done through LDAP, but you still have to create the users in IPPlan.

Sidenote: If the webpage is running on HTTP the username(s) and password(s) are sent in plain text to the webserver. In this case you should think about migrate it to HTTPS.

Facebooktwittergoogle_plusredditpinterestlinkedinmailby feather

6 thoughts on “LDAP Authentication for IPPlan (Apache / Linux)

  1. This guide was excellent and got us up with LDAP authentication on our implementations of IPPlan in relatively short order. One issue I had was that I needed one additional line in my .htaccess file to get everything working. Not quite certain why this was (probably something burried in my httpd.conf file somewhere), but I figured I’d post it out there in case someone else runs into something similar. I have IPPlan running on fairly vanilla Red Hat 5 boxes.

    Below is the line that was added to the .htaccess file above:
    AuthzLDAPAuthoritative off

    Thanks for the excellent guide. This was a lot more helpful to me than what was included in the online documentation.

  2. I followed these instructions but it is still not working, I am a little confused about this part, “Also don’t forget to include the LDAP module in to Apache.”

    How do I know if it is loaded and if it is not is there a link to install it?

  3. Ali :

    I followed these instructions but it is still not working, I am a little confused about this part, “Also don’t forget to include the LDAP module in to Apache.”

    How do I know if it is loaded and if it is not is there a link to install it?

    I can’t test it right now, but I believe the command is “httpd -l”, to see which modules are loaded.

    Installation of the module, can be done (in Ubuntu) with the following command:
    “sudo a2enmod authnz_ldap”

    Please let me know it this was any help to you. If it doesn’t, can you tell me which Linux distribution you are using? Then I will try to figure it out for you.

  4. Ok that module is already enabled but still not working. I’m using Debian latest version and apache2.

    I create a user on IPPlan with no password same as whats in the AD. But it just keeps telling me invalid credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *

*