Kolab2 Integration with Apache2

From Kolab wiki

General Kolab LDAP authentication for Apache 2

It is possible to use the Kolab LDAP for the authentication of web pages or sites using the mod_authnz_ldap module:
Create a .htaccess file in the web server directory you want to protect:

AuthType Basic
AuthName "MyCompany"

AuthBasicProvider ldap
AuthLDAPURL ldap://kolab-server.mydomain.com:389/dc=mycompany,dc=com?uid?sub?(objectClass=*) 

# All valid Kolab users are allowed
AuthzLDAPAuthoritative off
Require valid-user

# Selected Kolab users are allowed (if activated, the AuthzLDAPAuthoritative 
# directive is not required)
#Require ldap-user bjenson fuser jmanager

Don't forget to set AllowOverride to ALL in the relevant section of your httpd.conf (depends on your individual Apache installation. On recent systems check for /etc/apache2/sites-available and man a2ensite.

Kolab LDAP authentication for Trac

This works in a very similar way as described above. The Settings for the Basic authentication need not reside in a .htaccess file, they can also be a Location directive of your web server. Here is an example /etc/apache/sites-available/trac file:

<Location /trac>
 AuthType Basic
 AuthName "MyCompany"
 AuthBasicProvider ldap
 AuthLDAPURL ldap://kolab-server.mydomain.com:389/dc=mycompany,dc=com?uid?sub?(objectClass=*)
 AuthzLDAPAuthoritative off
 Require valid-user

 SetHandler mod_python
 PythonHandler trac.web.modpython_frontend
 PythonOption TracEnv /var/www/apache2-trac/
 PythonOption TracUriRoot /trac
</Location> 

Group authentication with LDAP

ToDo: Figure out how to use LDAP-Groups and describe.

Pointer: LDAP-Groups with mod_authnz_ldap, Kolab distribution lists are groups, objectClass is kolabGroupOfNames, attribute for group members is 'members'. Anyone?