[Novalug] Apache AD/LDAP authn w/ bind name/password
Xavier Belanger
tux at belanger.fr
Mon Jan 9 21:56:55 EST 2012
Hi,
> i need to be able to make Apache authenticate against AD/LDAP using a
> bind name and password.
>
> has anyone done this already and can give me an example of how they
> did it?
I have done this for group authentication with an LDAP server.
You will just need to modify the following directives to match
your environment:
<Directory /srv/apache2/website/>
    Order deny,allow
    Deny from All
    # access allowed without auth from local networks
    Allow from 192.168.1.0/24
    Allow from 10.1.2.0/24
    AuthType Basic
    AuthName "Please enter an ID and a password"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    # LDAP account used for the LDAP request
    AuthLDAPBindDN "uid=account,ou=people,ou=acme,dc=example,dc=net"
    AuthLDAPBindPassword "********"
    # LDAP request for a UID
    AuthLDAPURL ldap://server.example.net:389/ou=people,ou=acme,dc=example,dc=net?uid?
    # Condition (UID must be a member of the clearance-group)
    Require ldap-group cn=clearance-group,ou=groups,ou=acme,dc=example,dc=net
    # Either the network match or the LDAP group check grants access
    Satisfy Any
</Directory>
Don't forget to allow full access (without authorization) for error pages,
maybe some images, CSS, etc.
Bye.
--
Xavier Belanger
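
An added example, not part of the message above: the same access policy written for Apache 2.4, where Order/Allow/Satisfy and AuthzLDAPAuthoritative are replaced by Require directives, with the LDAP connection moved to LDAPS and an unauthenticated exception for error pages. The CA file path and the errors/ subdirectory are assumptions; hostnames and DNs are the placeholders from the post.

```apache
# Added example (Apache 2.4 syntax); paths marked "assumed" are not from the post.

# Server-level settings, outside any <Directory>:
# CA that signed the LDAP server certificate (assumed path).
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/example-ldap-ca.pem
# Refuse the LDAPS connection if the server certificate does not verify.
LDAPVerifyServerCert On

<Directory "/srv/apache2/website/">
    AuthType Basic
    AuthName "Please enter an ID and a password"
    AuthBasicProvider ldap

    # Service account used for the search. The password sits in this file,
    # so the file should be readable only by root.
    AuthLDAPBindDN "uid=account,ou=people,ou=acme,dc=example,dc=net"
    AuthLDAPBindPassword "********"

    # ldaps:// keeps the bind password and user passwords off the wire in clear.
    # For Active Directory the search attribute is usually sAMAccountName, not uid.
    AuthLDAPURL "ldaps://server.example.net:636/ou=people,ou=acme,dc=example,dc=net?uid?sub"

    # Any one condition grants access (2.4 equivalent of "Satisfy Any").
    <RequireAny>
        Require ip 192.168.1.0/24
        Require ip 10.1.2.0/24
        Require ldap-group cn=clearance-group,ou=groups,ou=acme,dc=example,dc=net
    </RequireAny>
</Directory>

# Error pages served without authentication (assumed location).
<Directory "/srv/apache2/website/errors/">
    Require all granted
</Directory>
```

Basic authentication sends the user's password with every request, so the protected directory should be served over HTTPS as well.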