Hi there, finally I setup proxy_mode with Apache Header Rewrite and .htaccess against ldap. I want to share the solution: 1. Add a Header-rewrite to /etc/apache/vhost.d/obs.conf: <VirtualHost *:444> ... RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set X-username "%{RU}e" env=RU ... </VirtualHost> 2. Write your own .htaccess File to authenticate against your LDAP or whatever. The file should be located in /srv/www/obs/api/public/.htaccess For LDAP you need to enable Apache modules: a2enmod ldap a2enmod authnz_ldap 3. Now you can enable proxy_auth_mode in /srv/www/obs/api/config/options.yml: proxy_auth_mode: :on Some other Hints: You should not enable proxy_auth_mode in /srv/www/obs/webui/config/options.yml because the webui is redirecting by frontend_host and frontend_port to the API on Port 444 Problems: - In proxy_auth mode you are not able to create no users! Undo step 1-3, restart Apache and login local Admin to create the users. Password doesn't matter after switching back to proxy_auth_mode because the LDAP passwords are used. Any hint's? - I wasn't able to setup native ldap_mode. Maybe a combination problem with ldap_mode/proxy_auth_mode/frontend_ldap_mode(webui). Looking at tcpdump, the OBS is sending ping reqeust to the ldap server. Our server doesn't respond to ping request but is open on 387/tcp /srv/www/obs/api/app/models/user.rb: line 1335: ping = system("ping -c 1 #{server} >/dev/null 2>/dev/null") Changeing the line to "ping = system("ping -c 1 127.0.0.1 >/dev/null 2>/dev/null")" doesn't help. tcpdump isn't seeing any traffic to the ldap server. Next I'll try ldap on localhost and reconnect through socat. Any comments? -- Andreas Herrmann Heinlein Support GmbH Linux: Akademie - Support - Hosting http://www.heinlein-support.de Tel: 030 / 40 50 51 - 45 Fax: 030 / 40 50 51 - 19 Zwangsangaben lt. §35a GmbHG: HRB 93818 B / Amtsgericht Berlin-Charlottenburg, Geschäftsführer: Peer Heinlein -- Sitz: Berlin