Hi guys,
I would like to get my Linux box to authenticate users via Active Directory and allow access to a group of users. Currently, it is working great, but not as I wanted. See my httpd.conf below:
Code:
<Directory "/var/www/cgi-bin">
    Order allow,deny
    Allow from all
    AuthzLDAPAuthoritative off
    AuthType Basic
    AuthName "USE YOUR WINDOWS ACCOUNT"
    AuthBasicProvider ldap
    AuthLDAPBindDN "user2bind@example.com"
    AuthLDAPBindPassword "pass"
    AuthLDAPURL "ldap://LinuxIP:3268/?sAMAccountName?sub?(objectClass=*)"
    # member of group
    Require ldap-group CN=dev_team,OU=Groups,OU=state,OU=Organization,DC=example,DC=com
    AuthUserFile /dev/null
    Require valid-user
</Directory>
I would just like users to authenticate against AD without using a specific binding account to do the LDAP query for user existence.
Basically, I mean that when a user gets the credential dialog, the server will attempt to bind with the DN format he provided and not the permanent one I'm using at the moment (under "AuthLDAPBindDN" / "AuthLDAPBindPassword").
By the way, I'm on Apache server 2.2.
Thanks!
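
The behaviour asked about above (binding with the credentials the user typed instead of a stored service account) matches the bind-as-user directives of mod_authnz_ldap, shown here as an added configuration example that is not part of the original post. It assumes Apache httpd 2.4, since these directives are not available in the 2.2 release the post runs, and it assumes every user's logon suffix is `@example.com`, taken from the post's bind account.

```apache
# Added example, not the poster's configuration. Requires httpd 2.4
# (the *AsUser directives were introduced in 2.3.6).
<Directory "/var/www/cgi-bin">
    AuthType Basic
    AuthName "USE YOUR WINDOWS ACCOUNT"
    AuthBasicProvider ldap

    # Same URL as in the post; "LinuxIP" is the post's own placeholder.
    # Over plain ldap:// the user's password crosses the network in a
    # simple bind, so an ldaps:// URL is the safer choice where available.
    AuthLDAPURL "ldap://LinuxIP:3268/?sAMAccountName?sub?(objectClass=*)"

    # No AuthLDAPBindDN / AuthLDAPBindPassword: the first bind uses the
    # username and password from the Basic auth dialog.
    AuthLDAPInitialBindAsUser on

    # Turn the typed username into the name used for that bind.
    # Assumption: users log on as <name>@example.com.
    AuthLDAPInitialBindPattern (.+) $1@example.com

    # Run the group-membership comparison with the user's own
    # credentials as well, so no service account is needed for authz.
    AuthLDAPCompareAsUser on

    # Only members of the group pass. A second "Require valid-user"
    # line would be OR-ed with this one in 2.4 and admit any
    # authenticated user, so it is left out.
    Require ldap-group CN=dev_team,OU=Groups,OU=state,OU=Organization,DC=example,DC=com
</Directory>
```

With this layout no directory password is stored in httpd.conf, and a failed login shows up on the domain controller as a failed bind for the user's own account rather than for a shared service account.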