Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 11-20-2009, 09:18 AM   #1
Registered: Oct 2006
Posts: 179

Rep: Reputation: 15
authenticating against Active Directory


I have a web site which I would want to allow only users after authenticating them against our Active Directory. I wanted to place .htaccess file in the main web folder

1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?

2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?

Thank you.
Old 12-06-2009, 07:45 AM   #2
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 97
Originally Posted by sang_froid View Post
1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?
I have been able to use mod_authz_ldap successfully. There are
other modules, but I don't know what it takes to make them work.
Be aware that mod_authz_ldap does NOT encrypt the data between
the apache server and the ldap server.

Also, be sure that you have SSL encryption on the pages with the
ldap authentication. Otherwise anyone else on the network will
be able to see the usernames and passwords.

Originally Posted by sang_froid View Post
2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?
This is what I put in my httpd.conf file. You will need to
update it, obviously.

<Directory "/var/www/html/restricted-area">
AuthType Basic
# What the users will see as a "title" of the login prompt:
AuthName "Domain Credentials Required"
# use plain LDAP authentication:
AuthzLDAPMethod ldap
# FQDN resolvable hostname (or IP) of the Windows
# AD domain controller:
# Distinguished Name (DN) of the user that mod_authz_ldap should
# bind to the LDAP server as when searching for the domain user
# provided by the web client (Active Directory does not allow
# anonymous binds).  Note, the cn attribute corresponds to the
# "Display Name" field of a user's account in the Active Directory
# Users and Computers tool, not their login username:
AuthzLDAPBindDN "cn=ldapauthuser,cn=Users,dc=example,dc=com"
# the BindDN user's password:
AuthzLDAPBindPassword "secretpassword"
# LDAP Attribute where the user's domain login username is stored in:
AuthzLDAPUserKey sAMAccountName
# Base DN to begin searching for users from in the LDAP:
AuthzLDAPUserBase "cn=Users,dc=example,dc=com"
# Search in sub-containers below the UserBase DN if
# necessary (most likely):
AuthzLDAPUserScope subtree
# Require the username and password provided to be a valid
# user in the AD:
require valid-user
# log verbosity level:
AuthzLDAPLogLevel info


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Logging in via SSH while authenticating against Active Directory. rurounikakita Linux - Enterprise 7 02-23-2008 10:57 PM
Authenticating Website Users against Active Directory deadlock Linux - Server 1 01-15-2008 06:10 AM
authenticating fedora against ms active directory paulgnyc Linux - Enterprise 6 10-26-2006 08:41 AM
Authenticating Linux Active Directory paul_mat Red Hat 2 09-30-2006 07:24 PM
Problems authenticating to Active Directory eantoranz Linux - Networking 3 08-02-2005 05:11 PM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 05:58 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration