LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-20-2009, 08:18 AM   #1
sang_froid
Member
 
Registered: Oct 2006
Posts: 179

Rep: Reputation: 15
authenticating against Active Directory


Hi,

I have a web site which I would want to allow only users after authenticating them against our Active Directory. I wanted to place .htaccess file in the main web folder

1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?

2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?

Thank you.
 
Old 12-06-2009, 06:45 AM   #2
carltm
Member
 
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 697

Rep: Reputation: 93
Quote:
Originally Posted by sang_froid View Post
1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?
I have been able to use mod_authz_ldap successfully. There are
other modules, but I don't know what it takes to make them work.
Be aware that mod_authz_ldap does NOT encrypt the data between
the apache server and the ldap server.

Also, be sure that you have SSL encryption on the pages with the
ldap authentication. Otherwise anyone else on the network will
be able to see the usernames and passwords.

Quote:
Originally Posted by sang_froid View Post
2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?
This is what I put in my httpd.conf file. You will need to
update it, obviously.

Code:
<Directory "/var/www/html/restricted-area">
AuthType Basic
# What the users will see as a "title" of the login prompt:
AuthName "Domain Credentials Required"
# use plain LDAP authentication:
AuthzLDAPMethod ldap
# FQDN resolvable hostname (or IP) of the Windows
# AD domain controller:
AuthzLDAPServer mydomaincontroller.example.com
# Distinguished Name (DN) of the user that mod_authz_ldap should
# bind to the LDAP server as when searching for the domain user
# provided by the web client (Active Directory does not allow
# anonymous binds).  Note, the cn attribute corresponds to the
# "Display Name" field of a user's account in the Active Directory
# Users and Computers tool, not their login username:
AuthzLDAPBindDN "cn=ldapauthuser,cn=Users,dc=example,dc=com"
# the BindDN user's password:
AuthzLDAPBindPassword "secretpassword"
# LDAP Attribute where the user's domain login username is stored in:
AuthzLDAPUserKey sAMAccountName
# Base DN to begin searching for users from in the LDAP:
AuthzLDAPUserBase "cn=Users,dc=example,dc=com"
# Search in sub-containers below the UserBase DN if
# necessary (most likely):
AuthzLDAPUserScope subtree
# Require the username and password provided to be a valid
# user in the AD:
require valid-user
# log verbosity level:
AuthzLDAPLogLevel info
</Directory>
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Logging in via SSH while authenticating against Active Directory. rurounikakita Linux - Enterprise 7 02-23-2008 09:57 PM
Authenticating Website Users against Active Directory deadlock Linux - Server 1 01-15-2008 05:10 AM
authenticating fedora against ms active directory paulgnyc Linux - Enterprise 6 10-26-2006 07:41 AM
Authenticating Linux Active Directory paul_mat Red Hat 2 09-30-2006 06:24 PM
Problems authenticating to Active Directory eantoranz Linux - Networking 3 08-02-2005 04:11 PM


All times are GMT -5. The time now is 10:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration