Apache Active Directory Authentication howto

July 16, 2012

Modules Needed

mod_authz_ldap

Install mod_authz_ldap

yum install mod_authz_ldap

Verify Apache Config has Needed Modules

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so

Apache Group LDAP Configuration (Active Directory Group Level Auth)

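    # Place these directives inside the <Directory> or <Location> container being protected.
    # AuthBasicProvider ldap and the AuthLDAP* directives are provided by mod_authnz_ldap.
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative On
    # Port 3268 is the Active Directory global catalog; users are looked up by sAMAccountName.
    AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName
    # Account used to bind and search the directory.
    AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
    AuthLDAPBindPassword secret
    AuthType Basic
    AuthName "Authorization required"
    # Only members of this group are authorized.
    require ldap-group cn=elite,ou=xx,dc=xx,dc=com
    AuthzLDAPLogLevel debug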

Apache OU LDAP Configuration (Alternative OU Level Configuration)

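    # Place these directives inside the <Directory> or <Location> container being protected.
    AuthName "Authorized Access Only"
    AuthType Basic
    AuthzLDAPMethod ldap
    AuthzLDAPServer 10.0.0.0:389
    # Account used to bind and search the directory.
    AuthzLDAPBindDN "cn=anonbinduser,dc=xx,dc=com"
    AuthzLDAPBindPassword secret
    # Any user found under this OU (searched as a subtree) can authenticate.
    AuthzLDAPUserBase "OU=someOUwithUsersToAuthenticateAgainst,OU=xx,DC=xx,DC=com"
    AuthzLDAPUserKey sAMAccountName
    AuthzLDAPUserScope subtree

    require valid-user
    AuthzLDAPLogLevel debug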
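
An added check, not part of the original howto: a small Python linter that reads an auth block like the two above and flags settings worth reviewing before production (an `ldap://` URL with no TLS mode, a bind password stored inline, debug logging, Basic auth with no `SSLRequireSSL`). The finding names and the constructed sample are this example's own; for the OU-level block only the password, log-level and Basic-auth checks apply.

```python
import shlex

# Constructed sample: the group-level directives from this page.
SAMPLE = """\
AuthBasicProvider ldap
AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName
AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
AuthLDAPBindPassword secret
AuthType Basic
require ldap-group cn=elite,ou=xx,dc=xx,dc=com
AuthzLDAPLogLevel debug
"""

def parse_directives(text):
    """Return [(lowercased name, [args])], skipping blanks, comments, <containers>."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        tokens = shlex.split(line)
        out.append((tokens[0].lower(), tokens[1:]))
    return out

def audit(text):
    """Return sorted finding codes for one auth block (heuristic, not exhaustive)."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    findings = set()
    for name, args in directives:
        first = args[0] if args else ""
        if name == "authldapurl":
            # mod_authnz_ldap: optional second argument NONE|SSL|TLS|STARTTLS.
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if first.lower().startswith("ldap://") and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.add("cleartext-ldap")
        elif name in ("authldapbindpassword", "authzldapbindpassword"):
            # "exec:" (mod_authnz_ldap, 2.4.5+) reads the password from a program instead.
            if not first.startswith("exec:"):
                findings.add("inline-bind-password")
        elif name == "authzldaploglevel" and first.lower() == "debug":
            findings.add("debug-logging")
        elif name == "authtype" and first.lower() == "basic" and "sslrequiressl" not in names:
            # Basic auth sends the AD password base64-encoded with every request.
            findings.add("basic-auth-without-sslrequiressl")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample it reports all four findings; a block that uses `ldaps://`, `SSLRequireSSL`, an `exec:` bind password and no debug log level reports none.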