My scenario is this. We have a machine that acts as an employee portal giving access to a few web-based applications.
What we would like to do is control user access to these applications using a single login website authenticating against LDAP. This application would then display a page to the user giving them a list of applications that they have access to.
However, we also need to deny them access to applications that are not in their list. In essence, setting up Apache to provide ACLs against the different applications on the site. It is important that the user cannot bypass this by manually entering the URL, and that any attempt directs them to the login page.
Is this at all possible?
The challenge is to try and make the access as simple as possible for our users as, well, they seem to struggle with the URLs of the apps being different when accessed externally rather than internally, and this is a way to enable them easy navigation and access.
For information, the login site is being written in PHP using the Zend Framework, and it will authenticate and get access lists from LDAP.
Thanks in advance.