logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache AD Auth
Author
fax



Joined: 05 Feb 2007
Posts: 24

PostPosted: Sat 19 May '07 3:16    Post subject: Apache AD Auth Reply with quote

I want to use Apache2.2.4 to auth against my Windows Server 2003 Active Directory. After reading the documentation I found virtually nothing on how to write the config file for MS AD. Please help.

Basic I want all user who is in Apache group to be able to login into the server.

My AD domain name is cnz.com

My Domain Controller is cnzlaptop (cnzlaptop.cnz.com)

Please help.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Thu 07 Jun '07 17:00    Post subject: Reply with quote

I am not sure, but I think you can use LDAP for Auth on Active Directory?
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Thu 07 Jun '07 20:39    Post subject: Reply with quote

The first link in this post to the Apache-Users list might help you get started.

-tom-
Back to top
VoodooMill



Joined: 11 Jan 2007
Posts: 60

PostPosted: Tue 12 Jun '07 19:52    Post subject: Reply with quote

This came up as a project for me recently. It works well, although we manage our groups within the AD rather than with Apache, but I modified the config to use Apache groups.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "<path of protected folder>">
SSLRequireSSL
AuthType Basic
AuthName "Protected Directory"
AuthGroupFile <Path to your group file>
AuthBasicProvider ldap

AuthLDAPURL "ldaps://cnzlaptop.cnz.com/dc=cnz,dc=com?sAMAccountName?sub?(objectClass=*)" SSL
AuthLDAPBindDN cn=<AD user account for bind>,cn=<AD group bind user is in, if applicable>,dc=cnz,dc=com
AuthLDAPBindPassword <Password for bind user account>
AuthzLDAPAuthoritative on
require group <Apache group name>
</Directory>

In our Apache group file the usernames listed must match those in your AD that you would like to have access.

I recommend use of SSL and LDAPS for secure transmission of important AD login information from the client to the web server, and then from the web server to the domain controller. LDAP is fine if you have IPSec working from the web server to the domain controller.

Hope this is helpful to you.
Back to top


Reply to topic   Topic: Apache AD Auth View previous topic :: View next topic
Post new topic   Forum Index -> Apache