Dealing with spaces in LDAP URIs used with Apache


I had an Apache web server that I wanted to configure to use LDAP authentication for controlling access to some pages. The LDAP directory already existed, in the form of the company's Active Directory. Unfortunately, the company's two-word name was part of the URI. This was not difficult to deal with when using command-line tools such as ldapsearch, because the DN could be placed in quotes. But this syntax doesn't work in Apache's httpd.conf. The key turned out to be using %20 to represent the space between the two words, like so:

ldap_uri: ldap://activdir.example.edu:389/ou=All%20Users,dc=win,dc=example,dc=edu??sub?(uid=%s)?x-BindDN=bindid,x-Password=password

This syntax was used in section 2.5.1 in a document on PubCookie which also looks very interesting. Here's the complete LDAP section of httpd.conf:

<Directory "/var/www/html/closed">
    AuthLDAPAuthoritative on
    AuthLDAPEnabled on
    AuthType Basic
    AuthName "Restricted Area"
    AuthLDAPBindDN "cn=Recipients,ou=Edina,o=Acme Manufacturing"
    AuthLDAPURL ldap://mnmtkex6:389/dc=Acme%20Manufacturing?sAMAccountName?sub?(objectclass=*)
    Require valid-user
</Directory>
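As an added example (not code from the original post), the Python sketch below builds an LDAP URL of the form used in AuthLDAPURL above, percent-encoding each field so that a space in the DN becomes %20 and a literal ? inside a field cannot be mistaken for a field separator. The function names and the safe-character sets are assumptions chosen for this illustration.

```python
from urllib.parse import quote, unquote

# Characters left literal in each field (assumed sets for this example).
# "?" separates the URL fields, so it is never safe; quote() always encodes
# spaces and "%", and encodes non-ASCII characters as UTF-8 bytes.
_DN_SAFE = ",=+"
_FILTER_SAFE = "()=*&|!"
_SCOPES = {"base", "one", "sub"}


def build_ldap_url(host, base_dn, attribute="", scope="sub",
                   ldap_filter="(objectClass=*)", port=389, scheme="ldap"):
    """Return scheme://host:port/dn?attribute?scope?filter, each field encoded."""
    if scope not in _SCOPES:
        raise ValueError(f"scope must be one of {sorted(_SCOPES)}")
    if not host or any(c.isspace() for c in host):
        raise ValueError("host must be non-empty and contain no whitespace")
    fields = [
        quote(base_dn, safe=_DN_SAFE),
        quote(attribute, safe=""),
        scope,
        quote(ldap_filter, safe=_FILTER_SAFE),
    ]
    return f"{scheme}://{host}:{port}/" + "?".join(fields)


def split_ldap_url(url):
    """Decode a URL built above back into (dn, attribute, scope, filter)."""
    _, _, rest = url.partition("://")
    _, _, path = rest.partition("/")
    parts = (path.split("?") + ["", "", ""])[:4]
    return tuple(unquote(p) for p in parts)


if __name__ == "__main__":
    # Values taken from the httpd.conf section in the post.
    url = build_ldap_url("mnmtkex6", "dc=Acme Manufacturing",
                         "sAMAccountName", "sub", "(objectclass=*)")
    print("AuthLDAPURL", url)
    print(split_ldap_url(url))
```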

I must point out, however, that using the above code, I could not get LDAP authentication from AD to work. When I pointed it at a Sun LDAP server, it worked fine.

Special thanks to my friend Pete Palmer for finding the answer about the spaces for me.

04/15/2005