LDAP basic authentication
diff --git a/apache/files/_auth.conf b/apache/files/_auth.conf
index 0703c70..d6c1e83 100644
--- a/apache/files/_auth.conf
+++ b/apache/files/_auth.conf
@@ -28,12 +28,21 @@
RequestHeader set X-Forwarded-User %{RU}e
{%- if site.auth.ldap is defined %}
+
+{%- if site.auth.ldap.get("mech", "GSSAPI") %}
+ # Not supported without patching, see:
+ # https://bz.apache.org/bugzilla/show_bug.cgi?id=55178
AuthLDAPBindSASLMech {{ site.auth.ldap.get("mech", "GSSAPI") }}
{%- if site.auth.ldap.interact is defined %}
AuthLDAPBindSASLInteract "{{ site.auth.ldap.interact }}"
{%- else %}
AuthLDAPBindSASLInteract "/usr/bin/kinit -k -t {{ site.auth.kerberos.get("keytab", "/etc/apache2/ipa.keytab") }} {{ site.auth.kerberos.get("service", "HTTP") }}/{{ site.host.name }}"
{%- endif %}
+{%- else %}
+ AuthLDAPBindDN "{{ site.auth.ldap.binddn }}
+ AuthLDAPBindPassword "{{ site.auth.ldap.password }}
+{%- endif %}
+
AuthLDAPURL "{{ site.auth.ldap.url }}"
{%- endif %}