Apache Active Directory Authentication howto

Apache Active Directory Authentication howto

Modules Needed


Install mod_authz_ldap

yum install mod_authz_ldap

Verify Apache Config has Needed Modules

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so

Apache Group LDAP Configuration (Active Directory Group Level Auth)

        AuthBasicProvider ldap 
	AuthzLDAPAuthoritative On
	AuthLDAPURL ldap://,dc=com?sAMAccountName
	AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
	AuthLDAPBindPassword secret
	AuthType Basic
	AuthName "Authorization required"
	require ldap-group cn=elite,ou=xx,dc=xx,dc=com
	AuthzLDAPLogLevel debug

Apache OU LDAP Configuration (Alternative OU Level Configuration)

      AuthName "Authorized Access Only"
      AuthType Basic
      AuthzLDAPMethod ldap
      AuthzLDAPBindDN "cn=anonbinduser,dc=xx,dc=com"
      AuthzLDAPBindPassword secret
      AuthzLDAPUserBase "OU=someOUwithUsersToAuthenticateAgainst,OU=xx,DC=xx,DC=com"
      AuthzLDAPUserKey sAMAccountName
      AuthzLDAPUserScope subtree

      require valid-user
      AuthzLDAPLogLevel debug

Leave a Reply

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>