We help IT Professionals succeed at work.

Apache LDAP Authentication

CipherIS
CipherIS asked
on
184 Views
Last Modified: 2018-02-06
How do I check / configure LDAP on Apache server?
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Issue I'm having is I have a website on Apache server set up.  It does NOT have grant all permissions.  The .htaccess file is not blocking users from gaining access.  In the config file it has Required ip x.x.x.x etc.  When a user VPN's in the user cannot access the site but everyone inside the network can.

I spoke to the IT department about this.  They stated that the VPN IP's need to be added.  So, they provided me with some IP's (e.g. 172.x.x.x/24).

I added the IP's provided by IT Department but the user is still blocked when VPNing in.

What I did to test was disconnect from network, VPN'd in.  Then went to http://www.showmemyip.com/.  Added my IP to the site and I was able to access the page.

I would think that the user should be able to access via VPN without any additional IP's added.

I don't want to add IP for every user when they VPN.

I spoke to the IT department about this and they stated that I need both the VPN and the users IP.  Don't understand why.
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I added the IP to the config.  Waiting for user to test.  I tested it myself and it worked.  It just doesn't make sense to me why I have to add my IP.

Shouldn't adding the VPN IP resolve this issue?  Why do I have to add the VPN issue and also the users IP to allow access?
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
.htaccess is not used to block or allow anything.  I added the IP's in the config file for the websites.  Below is some info.

<VirtualHost *:80>
   DocumentRoot "/home/webserver/www/internal.mysite.com"
   ServerName internal.mysite.com
   <Directory "/home/webserver/www/internal.mysite.com">
       Require ip 10.0.0.0/255.0.0.0
       Require ip 127.0.0.1 
       Require ip 172.0.2.0/24   (IP address provided by IT Dept for VPN)
       Require ip 166.0.0.0/24 (IP address from users computer after connecting VPN).  
   </Directory
</VirtualHost>

Open in new window


Question I have is when the user connects via VPN why is that NOT enough?  Why do I have to add their IP 166.0.0.0/24?
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:

Author

Commented:
So, any suggestions on how to resolve?  I modified the ip for VPN in the conf file to 172.16.0.0/12.
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I received the below from the IT Department regarding OpenVPN.

The reason OpenVPN is not able to hit this site is because we don't force all traffic through the VPN only the traffic to and from the company site.   The reason we don't do that is because it SEVERELY effects your client internet speed
I'm not a network person so I don't understand it.

Here is another piece of information.  Working with the user I was able to figure out the following:

1.  If the user logs into OpenVPN they can't access the internal website.
2.  If the user logs into the parent company VPN and are logged off of OpenVPN they can access the internal website.

I do not understand why the two scenarios are occurring.
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Ok, but when the user uses OpenVPN "only" and I have added the users public IP they can't connect to the internal website.  They can only connect using the parent company VPN.

Why?
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
What do you mean by
If your internal site has an internal-only name, and responds on an internal-only IP
Is that the reason why when users us OpenVPN they can't access but the users who don't use OpenVPN to connect to network and instead use the parent company VPN they can access it?

Just trying to make sure I have a clear understanding so I know what to go back to them with.
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I think that is their motivation - to ensure users can connect to *A* VPN.  I asked them 3 questions.

1.  Why can't they access internal site with OpenVPN.
2.  Why can they access internal site when connecting with the parent companies VPN and OpenVPN not logged on.
3.  What alternatives are available to the users to connect to the internal website.

Will let you know the response.

Author

Commented:
I received the below responses:

1) sounds like since the VPN is not forcing all traffic over it, it will not work as from the soubnd, the website uses IP authentication
2) same as #1. The parent company is forcing all traffic over the VPN and OpenVPN doesn't. We can do this with OpenVPN just need management approval
3) no

What does "forcing all traffic mean"?
What is the result of forcing all traffic?
What happens if the traffic is not forced?
CERTIFIED EXPERT
Top Expert 2004
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
And it seems that they are not doing that.  The parent company is but the IT folks who are managing OpenVPN for other company are not.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.