LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-11-2011, 04:54 AM   #1
bobbera
Member
 
Registered: Jun 2007
Posts: 39

Rep: Reputation: 0
Apache secure access for specific AD users/groups only


Hi ,

We have working mediawiki service running on Centos 5 with httpd 2.2 .Users may have either http or https access to the server .

Now we would like to grant web access to specific AD users/groups only . At present it works with Basic type authentication but in this way users credentials are being passed passed in clear text ( port 80 )

How to make users accounts and password will be passed encrypted and limit their https ( I assume ) access based on users group membership in AD ?

Possible solution - close port 80 and leave 443 only ? In this way users won't get username/password window prompt as with Basic authentication .

Here it is working configuration :

<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "/var/www/wiki"
ServerName spedia.example.com
ServerAlias spedia

<Directory />
Options FollowSymLinks
AllowOverride None


## After user provides his username/pw all traffic will be redirected to https :

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*)$ https://example.com [R]

AuthName "Welcome to Spedia "
# Do basic password authentication in the clear
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN "CN=LDAP_ANONYMOUS,OU=users,OU=,DC=,DC=com"

AuthLDAPBindPassword "password"
AuthLDAPURL "ldap://localdc.com:3268/DC=..,DC=com?sAMAccountName?"
AuthzLDAPAuthoritative off
AuthLDAPGroupAttribute memberUid

# Require authentication for this Location
Require valid-user

</Directory>
</VirtualHost>


Any ideas ?

Thanks .
 
Old 08-11-2011, 08:46 AM   #2
salemeni
Member
 
Registered: Aug 2011
Posts: 64

Rep: Reputation: Disabled
Quote:
Originally Posted by bobbera View Post
Hi ,

We have working mediawiki service running on Centos 5 with httpd 2.2 .Users may have either http or https access to the server .

Now we would like to grant web access to specific AD users/groups only . At present it works with Basic type authentication but in this way users credentials are being passed passed in clear text ( port 80 )

How to make users accounts and password will be passed encrypted and limit their https ( I assume ) access based on users group membership in AD ?

Possible solution - close port 80 and leave 443 only ? In this way users won't get username/password window prompt as with Basic authentication .

Here it is working configuration :

<VirtualHost *:80>
ServerAdmin admin@example.com
DocumentRoot "/var/www/wiki"
ServerName spedia.example.com
ServerAlias spedia

<Directory />
Options FollowSymLinks
AllowOverride None


## After user provides his username/pw all traffic will be redirected to https :

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*)$ https://example.com [R]

AuthName "Welcome to Spedia "
# Do basic password authentication in the clear
AuthType Basic
AuthBasicProvider ldap
AuthLDAPBindDN "CN=LDAP_ANONYMOUS,OU=users,OU=…,DC=…,DC=com"

AuthLDAPBindPassword "password"
AuthLDAPURL "ldap://localdc.com:3268/DC=..,DC=com?sAMAccountName?"
AuthzLDAPAuthoritative off
AuthLDAPGroupAttribute memberUid

# Require authentication for this Location
Require valid-user

</Directory>
</VirtualHost>


Any ideas ?

Thanks .
Check you rewrite condition.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

generics array

Last edited by salemeni; 12-06-2011 at 03:56 AM.
 
  


Reply

Tags
apache


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Apache: free access from lan users and password access to wan users... how? maginotjr Linux - Server 4 01-01-2011 12:08 PM
How to allow read access to all users and writes to some specific with apache/webdav? polik Linux - Server 5 03-12-2009 07:30 AM
How to restrict users / groups and better secure NFS themadatter Linux - Networking 8 06-30-2008 09:10 PM
Permissions: giving specific groups write access to a directory kinetik Linux - General 3 07-06-2006 09:30 AM
Users, groups, permissions - specific task question Doctafonk Linux - General 2 04-21-2004 10:05 PM


All times are GMT -5. The time now is 05:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration