Duo Authentication Proxy: Difference between revisions
From DWIKI
Created page with "To add DUO authentication to LDAP =Links= *https://duo.com/docs/ldap =HOWTO= ==duoauthproxy and Apache== # Outside vhost/directory whatever LDAPCacheTTL 7200 LDAPOpCacheTTL 3600 LDAPRetryDelay 300 ===Inside VirtualHost config=== ====Don't want this on my own network==== SetEnvIf Remote_Addr "192\.168\.1\." AUTH_LDAP=1 AuthBasicProvider ldap <If "-n %{ENV:AUTH_LDAP}"> AuthLDAPURL ldap://ldap.example.com/dc=example,dc=com?sAMAccountName AuthName "Authentic..." Tag: wikieditor |
mNo edit summary Tag: wikieditor |
||
| (One intermediate revision by the same user not shown) | |||
| Line 7: | Line 7: | ||
=HOWTO= | =HOWTO= | ||
==duoauthproxy and Apache== | ==duoauthproxy and Apache== | ||
===Global Apache config=== | |||
LDAPCacheTTL 7200 | LDAPCacheTTL 7200 | ||
LDAPOpCacheTTL 3600 | LDAPOpCacheTTL 3600 | ||
#Keeps it from flooding Duo after expiration, maybe should be even higher | |||
LDAPRetryDelay 300 | LDAPRetryDelay 300 | ||
| Line 31: | Line 32: | ||
Require valid-user | Require valid-user | ||
</Else> | </Else> | ||
=FAQ= | |||
==Keeps sending requests== | |||
At duo.com check Application Policy '''Remember_devices_policy''' | |||
Latest revision as of 12:06, 12 March 2026
To add DUO authentication to LDAP
Links
HOWTO
duoauthproxy and Apache
Global Apache config
LDAPCacheTTL 7200 LDAPOpCacheTTL 3600 #Keeps it from flooding Duo after expiration, maybe should be even higher LDAPRetryDelay 300
Inside VirtualHost config
Don't want this on my own network
SetEnvIf Remote_Addr "192\.168\.1\." AUTH_LDAP=1
AuthBasicProvider ldap
<If "-n %{ENV:AUTH_LDAP}">
AuthLDAPURL ldap://ldap.example.com/dc=example,dc=com?sAMAccountName
AuthName "Authentication with ldap"
AuthLDAPBindDN CN=Administrator,CN=Users,DC=example,DC=com
AuthLDAPBindPassword "f00b4r"
Require valid-user
</If>
<Else>
AuthLDAPURL ldap://localhost/dc=example,dc=com?sAMAccountName
AuthName "Authentication with duo"
AuthLDAPBindDN CN=Administrator,CN=Users,DC=example,DC=com
AuthLDAPBindPassword "f00b4r"
Require valid-user
</Else>
FAQ
Keeps sending requests
At duo.com check Application Policy Remember_devices_policy
