Topic: Apache AD Auth

[fax]

I want to use Apache2.2.4 to auth against my Windows Server 2003 Active Directory. After reading the documentation I found virtually nothing on how to write the config file for MS AD. Please help.

Basic I want all user who is in Apache group to be able to login into the server.

My AD domain name is cnz.com

My Domain Controller is cnzlaptop (cnzlaptop.cnz.com)

Please help.

[James Blond]

I am not sure, but I think you can use LDAP for Auth on Active Directory?

[tdonovan]

The first link in this post to the Apache-Users list might help you get started.

-tom-

[VoodooMill]

This came up as a project for me recently. It works well, although we manage our groups within the AD rather than with Apache, but I modified the config to use Apache groups.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

<Directory "<path of protected folder>">
SSLRequireSSL
AuthType Basic
AuthName "Protected Directory"
AuthGroupFile <Path to your group file>
AuthBasicProvider ldap

AuthLDAPURL "ldaps://cnzlaptop.cnz.com/dc=cnz,dc=com?sAMAccountName?sub?(objectClass=*)" SSL
AuthLDAPBindDN cn=<AD user account for bind>,cn=<AD group bind user is in, if applicable>,dc=cnz,dc=com
AuthLDAPBindPassword <Password for bind user account>
AuthzLDAPAuthoritative on
require group <Apache group name>
</Directory>

In our Apache group file the usernames listed must match those in your AD that you would like to have access.

I recommend use of SSL and LDAPS for secure transmission of important AD login information from the client to the web server, and then from the web server to the domain controller. LDAP is fine if you have IPSec working from the web server to the domain controller.

Hope this is helpful to you.