Duo Authentication Proxy

From DWIKI
Revision as of 14:26, 16 October 2025 by Tony (talk | contribs) (→‎duoauthproxy and Apache)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

To add DUO authentication to LDAP

Links


HOWTO

duoauthproxy and Apache

Global Apache config

LDAPCacheTTL 7200
LDAPOpCacheTTL 3600
#Keeps it from flooding Duo after expiration, maybe should be even higher
LDAPRetryDelay 300

Inside VirtualHost config

Don't want this on my own network

SetEnvIf Remote_Addr "192\.168\.1\." AUTH_LDAP=1
AuthBasicProvider ldap
<If "-n %{ENV:AUTH_LDAP}">
  AuthLDAPURL ldap://ldap.example.com/dc=example,dc=com?sAMAccountName
  AuthName "Authentication with ldap"
  AuthLDAPBindDN CN=Administrator,CN=Users,DC=example,DC=com
  AuthLDAPBindPassword "f00b4r"
  Require valid-user
 </If>
 <Else>  
  AuthLDAPURL ldap://localhost/dc=example,dc=com?sAMAccountName
  AuthName "Authentication with duo"
  AuthLDAPBindDN CN=Administrator,CN=Users,DC=example,DC=com
  AuthLDAPBindPassword "f00b4r"
  Require valid-user
 </Else>