Old 10-11-2006, 09:56 PM   #1
Braytac
how to set up single sign on with apache with Active directory


Hi all.

I am attempting to set up Apache2 to replace IIS6. One of the bigger features of IIS which is preventing the migration is domain authentication for web pages.

The Linux machine is running Debian 3.1 Release 3. All packages are installed via apt so far.

I have read a lot of articles about configuring the virtual host with the below details.

<VirtualHost *:443>
    #Certificate
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ldap.domain.com.pem

    #Basic setup
    ServerAdmin manager@domain.com
    ServerName ldap.domain.com
    DocumentRoot /home/hosting/ldap.domain.com/htdocs/

    # HTML documents, with indexing.
    <Directory />
        Options ALL ExecCGI +Includes
        Order allow,deny
        Allow from all
        AuthLDAPAuthoritative on
        AuthType Basic
        AuthName "Test IT LDAP"
        AuthLDAPBindDN cn=ldapviewer,cn=Users,dc=domain,dc=com
        AuthLDAPBindPassword ldapviewer_password
        AuthLDAPURL "ldap://dc.domain.com:389/cn=Users,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
    </Directory>

    #private to IT Dept
    <Directory "/home/hosting/ldap.domain.com/htdocs/private">
        AuthName "Special User Area"
        require group OU=ITStaff,OU=StaffAccounts,DC=domain,DC=com
    </Directory>

    # CGI Handling
    ScriptAlias /cgi-bin/ /home/hosting/ldap.domain.com/cgi/
    <Location /cgi-bin>
        Options +ExecCGI
    </Location>

    # Logfiles
    ErrorLog /home/hosting/ldap.domain.com/logs/error.log
    CustomLog /home/hosting/ldap.domain.com/logs/access.log combined
</VirtualHost>

I don't know how to properly test it, but what I am trying to achieve for this test is to only grant access to the ITStaff group to the private folder. The error I get from /home/hosting/ldap.domain.com/logs/error.log is as follows.

[Thu Oct 12 20:35:39 2006] [warn] [client 192.168.4.13] [5021] auth_ldap authenticate: user ldapviewer authentication failed; URI /private [LDAP: ldap_simple_bind_s() failed][Invalid credentials]

[Thu Oct 12 20:31:53 2006] [warn] [client 192.168.4.13] [4993] auth_ldap authenticate: user server authentication failed; URI /private [LDAP: ldap_simple_bind_s() failed][Invalid credentials]

Above are the attempts I tried, one being an account in the ITStaff OU and the other being the ldapviewer account which I created to be able to read AD. I read that a basic restricted account is required to read AD in order to run queries.

As far as I'm aware the mod_ldap module is loaded, but I'm not 100% sure.

I've read on LQ that there are a few people that have already done this. However, I have been unable to complete the task through those forums.

Any advice would be greatly appreciated.

Thanks
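A way to check the values in the post above offline, as an added example that is not part of the thread and not Apache's code: this Python splits the posted AuthLDAPURL into its fields, builds the documented `(&(filter)(attribute=username))` search filter, produces an OpenLDAP `ldapsearch` command for trying the service bind by hand, and flags three things visible in the posted values. Function names and finding labels are hypothetical, the RFC 4515 escaping is this example's own, and `memberOf` is assumed as the attribute to display.

```python
import shlex
from urllib.parse import unquote

AUTH_LDAP_URL = "ldap://dc.domain.com:389/cn=Users,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
BIND_DN = "cn=ldapviewer,cn=Users,dc=domain,dc=com"
REQUIRE_GROUP = "OU=ITStaff,OU=StaffAccounts,DC=domain,DC=com"  # all three copied from the post

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter (defaults: uid, sub, (objectClass=*))."""
    scheme, rest = url.split("://", 1)
    hostport, _, tail = rest.partition("/")
    base, attr, scope, flt = (unquote(p) for p in (tail.split("?") + [""] * 4)[:4])
    return {"scheme": scheme.lower(), "host": hostport, "base": base,
            "attr": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)"}

def user_search_filter(cfg, username):
    """Build (&(filter)(attribute=username)) with RFC 4515 escaping of the name."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    safe = "".join(special.get(ch, ch) for ch in username)
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attr"], safe)

def rdns(dn):  # naive split: assumes no escaped commas, compares case-insensitively
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def dn_is_under(dn, base):
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def lint(cfg, require_group_dn, user_container_dn):
    """Return hypothetical finding labels for the posted values."""
    findings = []
    if cfg["scheme"] == "ldap":  # ldap:// carries the simple bind without TLS
        findings.append("cleartext-bind")
    if rdns(require_group_dn)[0].startswith("ou="):  # an OU is a container, not a group
        findings.append("require-group-is-ou")
    if not dn_is_under(user_container_dn, cfg["base"]):  # search never reaches these users
        findings.append("users-outside-search-base")
    return findings

def ldapsearch_command(cfg, bind_dn, username):
    """argv for OpenLDAP ldapsearch: bind as the service account, look the user up."""
    return ["ldapsearch", "-x", "-H", "%s://%s" % (cfg["scheme"], cfg["host"]),
            "-D", bind_dn, "-W", "-b", cfg["base"], "-s", cfg["scope"],
            user_search_filter(cfg, username), "dn", "memberOf"]

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(AUTH_LDAP_URL)
    print(shlex.join(ldapsearch_command(cfg, BIND_DN, "server")))
    print(lint(cfg, REQUIRE_GROUP, REQUIRE_GROUP))
```

On the posted values all three labels come back; the third applies to the test account the post places in the ITStaff OU, which lies outside the `cn=Users` search base.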
 
Old 11-08-2007, 05:54 PM   #2
mrcoffee11
Did you get it to work?
I need to authenticate to AD via LDAP using an AD group.
I tried a lot of possible combinations, nothing worked.

Cheers
 
  

