Authenticating via Apache

To authenticate via LDAP, Apache (>=2.4) needs the authnz_ldap to be enabled, for instance, in Debian the following command should be run:

a2enmod authnz_ldap

To protect a location, for instance /trac/SOMETHING/login the following configuration should be added:

<LocationMatch ^/trac/[^/]+/login$>
    ### Authentication: LDAP
    AuthType Basic
    AuthName "Authorization required"
    AuthBasicProvider ldap
    AuthLDAPUrl "ldap://MYLDAPSERVER.TLD:PORT/ou=USERS,ou=GROUP,dc=SERVER,dc=TLD?uid"
    AuthLDAPBindDN "cn=ADMIN,dc=SERVER,dc=TLD"
    AuthLDAPBindPassword ADMIN_PASSWORD
    require valid-user
</LocationMatch>

where:

Using Indexes for Better Performance

Edit /etc/ldap/slapd.conf and insert the lines at the top:

index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   default                 sub
index   uidNumber               eq
index   gidNumber               eq
index   mail,givenName          eq,subinitial
index   dc                      eq

and re-index by issuing:

su -c openldap slapindex