Topic: Apache AD Auth

fax
Joined: 05 Feb 2007 Posts: 24
|
Posted: Sat 19 May '07 3:16 Post subject: Apache AD Auth |
|
|
I want to use Apache 2.2.4 to auth against my Windows Server 2003 Active Directory. After reading the documentation I found virtually nothing on how to write the config file for MS AD. Please help.
Basically, I want all users who are in the Apache group to be able to log in to the server.
My AD domain name is cnz.com
My Domain Controller is cnzlaptop (cnzlaptop.cnz.com)
Please help.
|
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg
|
Posted: Thu 07 Jun '07 17:00 Post subject: |
|
|
I am not sure, but I think you can use LDAP for Auth on Active Directory?
|
|
tdonovan Moderator
Joined: 17 Dec 2005 Posts: 611 Location: Milford, MA, USA
|
Posted: Thu 07 Jun '07 20:39 Post subject: |
|
|
The first link in this post to the Apache-Users list might help you get started.
-tom-
|
|
VoodooMill
Joined: 11 Jan 2007 Posts: 60
|
Posted: Tue 12 Jun '07 19:52 Post subject: |
|
|
This came up as a project for me recently. It works well, although we manage our groups within the AD rather than with Apache, but I modified the config to use Apache groups.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "<path of protected folder>">
    SSLRequireSSL
    AuthType Basic
    AuthName "Protected Directory"
    AuthGroupFile <Path to your group file>
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://cnzlaptop.cnz.com/dc=cnz,dc=com?sAMAccountName?sub?(objectClass=*)" SSL
    AuthLDAPBindDN cn=<AD user account for bind>,cn=<AD group bind user is in, if applicable>,dc=cnz,dc=com
    AuthLDAPBindPassword <Password for bind user account>
    AuthzLDAPAuthoritative on
    require group <Apache group name>
</Directory>

In our Apache group file the usernames listed must match those in your AD that you would like to have access.
I recommend use of SSL and LDAPS for secure transmission of important AD login information from the client to the web server, and then from the web server to the domain controller. LDAP is fine if you have IPSec working from the web server to the domain controller.
Hope this is helpful to you.
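
A quick check of a config against the SSL/LDAPS recommendation in the post above, as an added example that is not part of the original thread or of Apache's own tooling. It inspects each <Directory>/<Location> block in isolation, so inherited or server-wide settings are not considered; the sample config and its paths are constructed.

```python
import re

# Constructed sample config: the first block mirrors the post, the second
# weakens both legs. Paths are hypothetical.
SAMPLE = '''
<Directory "/srv/www/protected">
    SSLRequireSSL
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://cnzlaptop.cnz.com/dc=cnz,dc=com?sAMAccountName?sub?(objectClass=*)" SSL
</Directory>
<Directory "/srv/www/legacy">
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://cnzlaptop.cnz.com/dc=cnz,dc=com?sAMAccountName?sub?(objectClass=*)"
</Directory>
'''

BLOCK = re.compile(r'<(Directory|Location)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> argument string, skipping comments."""
    out = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith('#'):
            out[parts[0].lower()] = parts[1] if len(parts) > 1 else ''
    return out

def audit(conf):
    """Return (path, finding) pairs for blocks using LDAP-backed Basic auth."""
    findings = []
    for _, path, body in BLOCK.findall(conf):
        d = directives(body)
        if d.get('authbasicprovider', '').lower() != 'ldap':
            continue
        # Leg 1, client -> web server: Basic auth sends the password base64-encoded only.
        if 'sslrequiressl' not in d:
            findings.append((path, 'no SSLRequireSSL: AD password can cross plain HTTP'))
        # Leg 2, web server -> domain controller: need ldaps:// or a TLS mode keyword.
        url = d.get('authldapurl', '')
        mode = (url.split() or [''])[-1].upper()
        encrypted = url.lstrip('"').lower().startswith('ldaps://') or mode in ('SSL', 'TLS', 'STARTTLS')
        if url and not encrypted:
            findings.append((path, 'cleartext LDAP: use ldaps:// or protect the link with IPsec'))
    return findings

if __name__ == '__main__':
    for path, finding in audit(SAMPLE):
        print(f'{path}: {finding}')
```
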