Linux: LDAP Authentication and PAM

Last update: 15 March 2018

Information

Under Linux, the LDAP configuration for the Fabasoft Folio Webservices is done in the Virtual Application Configuration (Default: FSCVAPP@1.1001:DefaultConfig).

With that single configuration, by default it is not possible to request special password input from the user when signing objects. 

If additional passwort request for signing objects is required, PAM (Linux Pluggable Authentication Modules) needs to be configured.

As the webbrowser caches the credentials after successful Apache LDAP authentication, Fabasoft Folio can be configured to use the PAM architecture for a "second" login to sign objects when using LDAP.  The configuration of PAM takes place in /etc/pam_ldap.conf 

In the case that the LDAP server hostname changes and Folio is configured to ask for a password on signing, the LDAP hostname change needs to be reflected in the Folio Virtual Application Configuration as well as in the /etc/pam_ldap.conf configuration file.

Solution

Please see the White Paper Authentication With LDAP (Basic).pdf issued in your installation kit, or visit the online version of the White Paper for full documentation of the LDAP configuation.

Applies to

Fabasoft Folio (all versions)
Fabasoft eGov-Suite (all versions)

Further questions?