Apache Active Directory Authentication howto

Modules Needed

mod_authz_ldap

Install mod_authz_ldap

yum install mod_authz_ldap

Verify Apache Config has Needed Modules

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so

Apache Group LDAP Configuration (Active Directory Group Level Auth)

      AuthBasicProvider ldap
      AuthzLDAPAuthoritative On
      AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName
      AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
      AuthLDAPBindPassword secret
      AuthType Basic
      AuthName "Authorization required"
      require ldap-group cn=elite,ou=xx,dc=xx,dc=com
      AuthzLDAPLogLevel debug

Apache OU LDAP Configuration (Alternative OU Level Configuration)

      AuthName "Authorized Access Only"
      AuthType Basic
      AuthzLDAPMethod ldap
      AuthzLDAPServer 10.0.0.0:389
      AuthzLDAPBindDN "cn=anonbinduser,dc=xx,dc=com"
      AuthzLDAPBindPassword secret
      AuthzLDAPUserBase "OU=someOUwithUsersToAuthenticateAgainst,OU=xx,DC=xx,DC=com"
      AuthzLDAPUserKey sAMAccountName
      AuthzLDAPUserScope subtree

      require valid-user
      AuthzLDAPLogLevel debug
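
A small lint for the two configurations above, added here as an example and not part of the original howto: it reports the lines that leave credentials exposed on the wire or on disk (an ldap:// URL with no TLS mode, cleartext LDAP ports, inline bind passwords, Basic auth with no SSLRequireSSL, debug logging left on). The function name audit, the constructed sample text and the wording of the findings are assumptions of this example.

```python
# Constructed sample: directives copied from the two blocks on this page.
SAMPLE = """\
AuthBasicProvider ldap
AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName
AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
AuthLDAPBindPassword secret
AuthType Basic
AuthzLDAPServer 10.0.0.0:389
AuthzLDAPBindPassword secret
AuthzLDAPLogLevel debug
"""

CLEARTEXT_PORTS = {"389", "3268"}  # LDAP and AD global catalog without TLS
TLS_MODES = {"SSL", "TLS", "STARTTLS"}  # optional 2nd argument of AuthLDAPURL


def audit(conf_text):
    """Return sorted (line_no, directive, finding) tuples for an Apache config."""
    findings, basic_lines, requires_ssl = [], [], False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments, section tags
            continue
        name, *args = (tok.strip("\"'") for tok in line.split())
        key = name.lower()  # Apache directive names are case-insensitive
        if key == "authldapurl" and args:
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if args[0].lower().startswith("ldap://") and mode not in TLS_MODES:
                findings.append((no, name, "ldap:// URL with no SSL/TLS mode"))
        elif key == "authzldapserver" and args:
            if args[0].rpartition(":")[2] in CLEARTEXT_PORTS:
                findings.append((no, name, "cleartext LDAP port"))
        elif key in ("authldapbindpassword", "authzldapbindpassword") and args:
            findings.append((no, name, "bind password stored in config"))
        elif key == "authzldaploglevel" and args and args[0].lower() == "debug":
            findings.append((no, name, "debug logging enabled"))
        elif key == "authtype" and args and args[0].lower() == "basic":
            basic_lines.append((no, name))
        elif key == "sslrequiressl":
            requires_ssl = True
    if not requires_ssl:  # Basic auth only base64-encodes the password
        findings += [(n, d, "Basic auth without SSLRequireSSL") for n, d in basic_lines]
    return sorted(findings)


if __name__ == "__main__":
    for no, name, msg in audit(SAMPLE):
        print(f"line {no}: {name}: {msg}")
```

The check reads only the lines it is given, so a server-wide setting such as LDAPTrustedMode or an SSL-only virtual host defined elsewhere is not taken into account.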
