How to set up single sign-on with Apache with Active Directory
Hi all.
I am attempting to set up Apache2 to replace IIS6. One of the bigger features of IIS which is preventing the migration is domain authentication for web pages. The Linux machine is running Debian 3.1 Release 3. All packages are installed via apt so far. I have read a lot of articles about configuring the virtual host with the below details.

<VirtualHost *:443>
    # Certificate
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ldap.domain.com.pem

    # Basic setup
    ServerAdmin manager@domain.com
    ServerName ldap.domain.com
    DocumentRoot /home/hosting/ldap.domain.com/htdocs/

    # HTML documents, with indexing.
    <Directory />
        Options ALL ExecCGI +Includes
        Order allow,deny
        Allow from all
        AuthLDAPAuthoritative on
        AuthType Basic
        AuthName "Test IT LDAP"
        AuthLDAPBindDN cn=ldapviewer,cn=Users,dc=domain,dc=com
        AuthLDAPBindPassword ldapviewer_password
        AuthLDAPURL "ldap://dc.domain.com:389/cn=Users,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
    </Directory>

    # Private to IT Dept
    <Directory "/home/hosting/ldap.domain.com/htdocs/private">
        AuthName "Special User Area"
        require group OU=ITStaff,OU=StaffAccounts,DC=domain,DC=com
    </Directory>

    # CGI Handling
    ScriptAlias /cgi-bin/ /home/hosting/ldap.domain.com/cgi/
    <Location /cgi-bin>
        Options +ExecCGI
    </Location>

    # Logfiles
    ErrorLog /home/hosting/ldap.domain.com/logs/error.log
    CustomLog /home/hosting/ldap.domain.com/logs/access.log combined
</VirtualHost>

I don't know how to properly test it, but what I am trying to achieve for this test is to only grant access to the ITStaff group to the private folder. The error I get from /home/hosting/ldap.domain.com/logs/error.log is as follows.

[Thu Oct 12 20:35:39 2006] [warn] [client 192.168.4.13] [5021] auth_ldap authenticate: user ldapviewer authentication failed; URI /private [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Thu Oct 12 20:31:53 2006] [warn] [client 192.168.4.13] [4993] auth_ldap authenticate: user server authentication failed; URI /private [LDAP: ldap_simple_bind_s() failed][Invalid credentials]

Above are the attempts I tried, one being an account in the ITStaff OU and the other being the ldapviewer account which I created to be able to read AD. I read that a basic restricted account is required to read AD in order to run queries. As far as I'm aware the mod_ldap module is loaded, but I'm not 100% sure. I've read on LQ that there are a few people that have already done this; however, I have been unable to complete the task through those forums. Any advice would be greatly appreciated. Thanks
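A worked configuration for the same goal, added here as an example and not the original poster's or Debian's own: one thing to check against the post above is that its require group names an OU (OU=ITStaff,OU=StaffAccounts,...), and an OU has no member attribute for Apache to compare against, so the example points require group at a group object instead. Assumed names: the hypothetical group DN cn=ITStaff,ou=Groups,dc=domain,dc=com and the ldapviewer bind account from the post; the directives are those of the mod_auth_ldap shipped with Apache 2.0, which Debian 3.1 carries.

```apache
# Added example (not the original poster's config): Apache 2.0 mod_auth_ldap
# against Active Directory, with one directory restricted to an AD group.
# Hypothetical group DN: cn=ITStaff,ou=Groups,dc=domain,dc=com
# mod_ldap (connection/credential cache) must be loaded before mod_auth_ldap;
# on Debian: a2enmod ldap auth_ldap

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/ldap.domain.com.pem
    ServerName   ldap.domain.com
    DocumentRoot /home/hosting/ldap.domain.com/htdocs

    # Scope authentication to the DocumentRoot rather than <Directory />,
    # which would apply the auth settings (and Allow from all) to every path.
    <Directory /home/hosting/ldap.domain.com/htdocs>
        Order allow,deny
        Allow from all
        AuthType Basic
        AuthName "Test IT LDAP"
        AuthLDAPAuthoritative on
        # Low-privilege account used only to search the directory. The password
        # sits in clear text here, so keep this file readable by root only.
        AuthLDAPBindDN       cn=ldapviewer,cn=Users,dc=domain,dc=com
        AuthLDAPBindPassword ldapviewer_password
        # Users log in with their sAMAccountName; the search returns their DN and
        # Apache then binds as that DN with the submitted password. The base is
        # the domain root so accounts outside cn=Users (e.g. under
        # OU=StaffAccounts, as in the post) are found as well.
        AuthLDAPURL "ldap://dc.domain.com:389/dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)"
        require valid-user
    </Directory>

    # Private area: AD group objects list members as DNs in the multi-valued
    # "member" attribute, so require group must name a group object (not an
    # OU) and these two directives tell mod_auth_ldap how to read it.
    <Directory /home/hosting/ldap.domain.com/htdocs/private>
        AuthName "Special User Area"
        AuthLDAPGroupAttribute     member
        AuthLDAPGroupAttributeIsDN on
        require group cn=ITStaff,ou=Groups,dc=domain,dc=com
    </Directory>
</VirtualHost>
```

With this in place a failed login shows up in the error log with the same "auth_ldap authenticate" prefix as in the post, which makes the log the first place to confirm whether the user DN was found and whether the bind as that DN or the group comparison is what failed.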
Did you get it to work?
I need to authenticate to AD via LDAP using an AD group. I tried a lot of possible combinations, nothing worked. Cheers