Hi,
We have a working MediaWiki service running on CentOS 5 with httpd 2.2. Users may have either http or https access to the server.
Now we would like to grant web access to specific AD users/groups only. At present it works with Basic type authentication, but this way users' credentials are being passed in clear text (port 80).
How can we make users' accounts and passwords be passed encrypted, and limit their https (I assume) access based on the users' group membership in AD?
Possible solution - close port 80 and leave 443 only? In this way users won't get the username/password window prompt as with Basic authentication.
Here is the working configuration:
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot "/var/www/wiki"
    ServerName spedia.example.com
    ServerAlias spedia
    <Directory />
        Options FollowSymLinks
        AllowOverride None
        ## After user provides his username/pw all traffic will be redirected to https:
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !443
        RewriteRule (.*)$ https://example.com [R]
        AuthName "Welcome to Spedia "
        # Do basic password authentication in the clear
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPBindDN "CN=LDAP_ANONYMOUS,OU=users,OU=…,DC=…,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://localdc.com:3268/DC=..,DC=com?sAMAccountName?"
        AuthzLDAPAuthoritative off
        AuthLDAPGroupAttribute memberUid
        # Require authentication for this Location
        Require valid-user
    </Directory>
</VirtualHost>
Any ideas?
Thanks.
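
Added example, not part of the original post: one way to lay out the same httpd 2.2 setup so that the port 80 vhost only redirects and Basic authentication is requested solely inside the TLS vhost, with access limited to one AD group. The certificate paths and the group DN are placeholders, the use of the `member` attribute for AD group membership is an assumption about the directory, and the elided DNs are copied as they appear in the post. Basic authentication is kept, so the browser still prompts, but only over HTTPS.

```apache
# Port 80: no Auth* directives here, only a redirect, so the browser is
# never asked for credentials over plain HTTP.
<VirtualHost *:80>
    ServerName spedia.example.com
    ServerAlias spedia
    Redirect permanent / https://spedia.example.com/
</VirtualHost>

# Port 443: TLS is established first, then LDAP-backed Basic auth applies.
<VirtualHost *:443>
    ServerAdmin admin@example.com
    DocumentRoot "/var/www/wiki"
    ServerName spedia.example.com

    SSLEngine on
    # Placeholder paths (assumption): point these at the server's own cert/key.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER.key

    <Directory "/var/www/wiki">
        Options FollowSymLinks
        AllowOverride None
        # Refuse any request that reaches this directory without SSL.
        SSLRequireSSL

        AuthName "Welcome to Spedia"
        AuthType Basic
        AuthBasicProvider ldap
        # Bind DN and search URL as in the post (elisions left as posted).
        # Note: ldap:// means the hop from httpd to the DC is itself unencrypted.
        AuthLDAPBindDN "CN=LDAP_ANONYMOUS,OU=users,OU=…,DC=…,DC=com"
        AuthLDAPBindPassword "password"
        AuthLDAPURL "ldap://localdc.com:3268/DC=..,DC=com?sAMAccountName?"

        # Assumption: AD groups list their members as full DNs in "member".
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN on
        # Placeholder group DN (assumption): only members of this group get in.
        Require ldap-group CN=WIKI_GROUP_PLACEHOLDER,OU=PLACEHOLDER,DC=PLACEHOLDER,DC=com
    </Directory>
</VirtualHost>
```

`AuthzLDAPAuthoritative` is left at its default (`on`) so that a user who authenticates but is not in the group is denied rather than passed to another authorization module.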