Tuesday, February 21, 2012
Apache LDAP Authentication
This is how to authenticate Microsoft Windows Active Directory users with Apache:
vi /etc/httpd/conf/httpd.conf
Make sure the following 3 lines are NOT hashed out (i.e. not commented with a leading #):
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
Still in /etc/httpd/conf/httpd.conf, add the following block for your web directory (here /var/www/html), replacing the your_dc_fqdn, OU, domain, bind user and password placeholders with your own values:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
Order deny,allow
Deny from All
AuthName "AD Username Password please"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl "ldap://your_dc_fqdn:389/OU=SOME_OU,DC=yourdomain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=your_AD_user,CN=Users,DC=yourdomain,DC=com"
AuthLDAPBindPassword your_AD_user_password
Require valid-user
Satisfy any
</Directory>
vi /etc/openldap/ldap.conf
Hash everything out (put a # in front of every existing line) and add the following line, so the OpenLDAP client library does not chase the referrals Active Directory returns:
REFERRALS off
Restart Apache
/etc/init.d/httpd restart
Now if you go to your web server's root with your browser, you will be prompted for a username and password. If you do have a valid Active Directory user account, you will be authenticated against AD.
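An added example, not part of the original post: a small Python script that takes the AuthLDAPUrl line from the block above, splits it into the pieces mod_authnz_ldap actually uses (host, port, base DN, attribute, scope, filter, connection type), shows the search filter the module issues for a login name, and flags the two settings in this config a reviewer should notice before it reaches production. The directive string reuses the page's placeholder values; the function names and the review messages are my own.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed input: the AuthLDAPUrl line from the config above, placeholders and all.
DIRECTIVE = ('AuthLDAPUrl "ldap://your_dc_fqdn:389/OU=SOME_OU,DC=yourdomain,DC=com'
             '?sAMAccountName?sub?(objectClass=*)" NONE')

def parse_auth_ldap_url(directive):
    """Split an AuthLDAPUrl line into the RFC 4516 parts mod_authnz_ldap reads."""
    m = re.match(r'\s*AuthLDAPUrl\s+"([^"]+)"(?:\s+(NONE|SSL|TLS|STARTTLS))?\s*$',
                 directive, re.I)
    if not m:
        raise ValueError("not an AuthLDAPUrl directive")
    url, conn = m.group(1), (m.group(2) or "NONE").upper()
    p = urlsplit(url)
    # After the base DN the URL carries attribute?scope?filter; any part may be empty.
    fields = (p.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": p.scheme,
        "host": p.hostname,
        "port": p.port or (636 if p.scheme == "ldaps" else 389),
        "base_dn": unquote(p.path.lstrip("/")),
        "attribute": fields[0] or "uid",            # module default
        "scope": fields[1] or "sub",                # module default
        "filter": fields[2] or "(objectClass=*)",   # module default
        "connection": conn,                         # NONE is the module default
    }

def escape_filter_value(value):
    """RFC 4515 escaping: a login name must not be able to rewrite the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def effective_search_filter(cfg, username):
    """The search the module issues: the URL filter AND-ed with attribute=login."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))

def transport_findings(cfg):
    """Settings a reviewer should flag in this config before it goes live."""
    findings = []
    if cfg["scheme"] == "ldap" and cfg["connection"] == "NONE":
        findings.append("ldap:// with NONE: the bind password and every user's password "
                        "cross the network in clear text; use ldaps:// (SSL) or STARTTLS")
    if cfg["filter"] == "(objectClass=*)":
        findings.append("catch-all filter: (objectClass=user) limits matches to AD user objects")
    return findings

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(DIRECTIVE)
    print(effective_search_filter(cfg, "jdoe"))
    print("\n".join(transport_findings(cfg)))
```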