Quote:
Originally Posted by sang_froid
1. Do I need to install "mod_authz_ldap" module? And is there any other module which I would need to install?
I have been able to use mod_authz_ldap successfully. There are
other modules, but I don't know what it takes to make them work.
Be aware that mod_authz_ldap does NOT encrypt the data between
the Apache server and the LDAP server.
Also, be sure that you have SSL encryption on the pages with the
LDAP authentication. Otherwise anyone else on the network will
be able to see the usernames and passwords.
Quote:
Originally Posted by sang_froid
2. Also, what should I mention in the .htaccess file to ask it to authenticate users against my Active Directory?
This is what I put in my httpd.conf file. You will need to
update it, obviously.
Code:
<Directory "/var/www/html/restricted-area">
    AuthType Basic
    # What the users will see as a "title" of the login prompt:
    AuthName "Domain Credentials Required"
    # use plain LDAP authentication:
    AuthzLDAPMethod ldap
    # FQDN resolvable hostname (or IP) of the Windows
    # AD domain controller:
    AuthzLDAPServer mydomaincontroller.example.com
    # Distinguished Name (DN) of the user that mod_authz_ldap should
    # bind to the LDAP server as when searching for the domain user
    # provided by the web client (Active Directory does not allow
    # anonymous binds). Note, the cn attribute corresponds to the
    # "Display Name" field of a user's account in the Active Directory
    # Users and Computers tool, not their login username:
    AuthzLDAPBindDN "cn=ldapauthuser,cn=Users,dc=example,dc=com"
    # the BindDN user's password:
    AuthzLDAPBindPassword "secretpassword"
    # LDAP attribute in which the user's domain login username is stored:
    AuthzLDAPUserKey sAMAccountName
    # Base DN to begin searching for users from in the LDAP:
    AuthzLDAPUserBase "cn=Users,dc=example,dc=com"
    # Search in sub-containers below the UserBase DN if
    # necessary (most likely):
    AuthzLDAPUserScope subtree
    # Require the username and password provided to be a valid
    # user in the AD:
    require valid-user
    # log verbosity level:
    AuthzLDAPLogLevel info
</Directory>
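
Added example, not part of the original post: a small audit that reads an httpd.conf fragment and flags the two exposures the post warns about (Basic auth on a page not restricted to SSL, and the unencrypted mod_authz_ldap link to the LDAP server). The sample config is constructed from the post's block; `audit`, `check_block` and `SAMPLE_CONF` are hypothetical names, and `SSLRequireSSL` is the mod_ssl directive that refuses non-HTTPS requests.

```python
import re

# Constructed sample: the post's <Directory> block (shortened) plus a public one.
SAMPLE_CONF = '''\
<Directory "/var/www/html/restricted-area">
    AuthType Basic
    AuthzLDAPMethod ldap
    AuthzLDAPServer mydomaincontroller.example.com
    require valid-user
</Directory>
<Directory "/var/www/html/public">
    Options None
</Directory>
'''

OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Directory\s*>', re.I)

def check_block(directives):
    """Findings for one <Directory> block, given {lowercased name: value}."""
    if directives.get('authtype', '').lower() != 'basic':
        return []
    issues = []
    if 'sslrequiressl' not in directives:
        issues.append('Basic auth without SSLRequireSSL: the browser sends '
                      'the username and password in clear text over HTTP')
    if 'authzldapserver' in directives:
        issues.append('mod_authz_ldap link to %s is not encrypted (per the post)'
                      % directives['authzldapserver'])
    return issues

def audit(conf_text):
    """Return {directory path: [findings]}; nested blocks are not handled."""
    findings, path, directives = {}, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        opened = OPEN.match(line)
        if opened:
            path, directives = opened.group(1), {}
        elif CLOSE.match(line) and path is not None:
            issues = check_block(directives)
            if issues:
                findings[path] = issues
            path = None
        elif path is not None:
            name, _, value = line.partition(' ')
            directives[name.lower()] = value.strip()
    return findings
```

Calling `audit(open("httpd.conf").read())` returns a dictionary keyed by directory path; a block that adds `SSLRequireSSL` still reports the LDAP link finding, since that leg is outside what the page's SSL protects.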