I tried several possibilities to log out of an LDAP-authenticated session. None of them worked. I use Apache 2.4 on CentOS 7. Is there a way to do so?
My latest config looks like:
<VirtualHost *:12345>
    Alias /logouttest /var/www/html/logouttest
    LogLevel trace
    CustomLog /var/log/httpd/access_log common
    ErrorLog /var/log/httpd/error_log
    DocumentRoot /var/www/html/logouttest
    <Directory /var/www/html/logouttest>
        AllowOverride all
        Session On
        SessionCookieName session path=/
        AuthType Basic
        AuthName "logouttest"
        AuthBasicProvider ldap
        AuthLDAPURL ldap://ad.example.com:389/OU=Users,OU=Company,DC=xxxx,DC=ch?sAMAccountName?sub?(objectclass=*)
        AuthLDAPBindDN CN=LDAPQuery,OU=services,OU=Administrative,OU=company,DC=xxxx,DC=com
        AuthLDAPBindPassword 'xxx'
        Require valid-user
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1,NS]
        RequestHeader add X-Forwarded-User %{RU}e
    </Directory>
    <Location "/logout">
        Allow from all
        Satisfy Any
        #SetHandler form-logout-handler
        AuthFormLogoutLocation /logout/logout.html
        Session On
        SessionMaxAge 1
        SessionCookieName session path=/
    </Location>
</VirtualHost>
The Apache doc confuses me on this subject. In particular, the line SetHandler form-logout-handler doesn't work at all. (Do I have to write my own handler?)
Anyway, I'd be glad if someone can confirm whether it's possible to properly terminate authenticated sessions in Apache. (Some posts declare it as not possible.)
There is no concept of logging out for HTTP Basic Authentication. A request is either accompanied by your credentials, or it isn't -- nothing in-between. Your browser doesn't prompt you every time, but the credentials are transmitted every time.
The form-related stuff you've read about is for a set of session-oriented login modules. It's n/a to what you have here.
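For comparison with the Basic setup in the question, this is what a session-oriented configuration of the kind the answer refers to looks like, where `form-logout-handler` has a session to clear. It is an added example that follows the pattern in the mod_auth_form documentation, not the asker's or the answerer's config; `/login.html`, `/dologin`, `/loggedout.html` and the passphrase are assumed placeholders, and the LDAP values are copied from the question.

```apache
# Added example. Modules assumed loaded: mod_auth_form, mod_request,
# mod_session, mod_session_cookie, mod_session_crypto, mod_authnz_ldap.
# login.html is a page you write (assumed name); its form posts the fields
# httpd_username and httpd_password to /dologin.

<Directory /var/www/html/logouttest>
    # Session-based login instead of "AuthType Basic": the browser holds a
    # cookie the server can invalidate, not credentials it resends itself.
    AuthType form
    AuthName "logouttest"
    AuthFormProvider ldap
    AuthFormLoginRequiredLocation /login.html
    AuthLDAPURL ldap://ad.example.com:389/OU=Users,OU=Company,DC=xxxx,DC=ch?sAMAccountName?sub?(objectclass=*)
    AuthLDAPBindDN CN=LDAPQuery,OU=services,OU=Administrative,OU=company,DC=xxxx,DC=com
    AuthLDAPBindPassword 'xxx'
    Session On
    # Append ";Secure" once the vhost is served over TLS.
    SessionCookieName session path=/;HttpOnly
    # The session cookie carries the user's credentials, so encrypt it.
    # Placeholder secret: replace with a long random value.
    SessionCryptoPassphrase REPLACE_WITH_RANDOM_SECRET
    Require valid-user
</Directory>

# The login and post-logout pages must be reachable without a session.
<LocationMatch "^/(login|loggedout)\.html$">
    Require all granted
</LocationMatch>

# Target of the login form: checks the posted credentials against LDAP
# and stores them in the session on success.
<Location "/dologin">
    SetHandler form-login-handler
    AuthFormLoginSuccessLocation /
    Require all granted
</Location>

# Logout: the handler removes the credentials from the session, and the
# 1-second SessionMaxAge makes what is left of the session expire.
<Location "/logout">
    SetHandler form-logout-handler
    AuthFormLogoutLocation /loggedout.html
    SessionMaxAge 1
    Require all granted
</Location>
```

Because the cookie holds the LDAP password, serve this only over HTTPS; the `ldap://` bind on port 389 in the question is likewise unencrypted.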