LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-26-2015, 01:59 AM   #1
NdAd
LQ Newbie
 
Registered: Jul 2010
Posts: 18

Rep: Reputation: 0
LDAP bind against Active Directory (no DN searching)


Hi Guys

I would like to get my Linux box authenticate users via Active directory and allow access to group of users. Currently, it is working great but... not as I wanted. See my httpd.conf below:

Code:
<Directory "/var/www/cgi-bin">
    Order allow,deny
    Allow from all
    AuthzLDAPAuthoritative off
    AuthType Basic
    AuthName "USE YOUR WINDOWS ACCOUNT"
    AuthBasicProvider ldap
 AuthLDAPBindDN "user2bind@example.com"
 AuthLDAPBindPassword "pass"
    AuthLDAPURL "ldap://LinuxIP:3268/?sAMAccountName?sub?(objectClass=*)"
    # member of group
    Require ldap-group CN=dev_team,OU=Groups,OU=state,OU=Organization,DC=example,DC=com
    AuthUserFile /dev/null
    Require valid-user
</Directory>
I just would like to user authenticate against AD w/o using specific binding account in order to do ldap query for user existence.

I mean basically that when user gets credential dialog, the server will attempt to bind with his provided DN format and not the permanent one I'm using at the moment (under "AuthLDAPBindDN" / "AuthLDAPBindPassword" )

btw, I'm on Apache server 2.2.

Thanks !

Last edited by NdAd; 02-26-2015 at 02:01 AM.
 
Old 02-26-2015, 10:37 AM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 11,201
Blog Entries: 4

Rep: Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123Reputation: 4123
As far as I am aware, you must use some kind of binding-account in order to do anything-at-all with LDAP. I suspect that this is mostly so that assholes third-parties can't pummel the server with requests and/or find out things that they properly don't need to know. It's actually okay for the server to be politely asking, "who wants to know?" before divulging its secrets . . .
 
Old 02-26-2015, 12:27 PM   #3
NdAd
LQ Newbie
 
Registered: Jul 2010
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by sundialsvcs View Post
As far as I am aware, you must use some kind of binding-account in order to do anything-at-all with LDAP. I suspect that this is mostly so that assholes third-parties can't pummel the server with requests and/or find out things that they properly don't need to know. It's actually okay for the server to be politely asking, "who wants to know?" before divulging its secrets . . .

First, thanks for your reply.

I understand what you mean but the thing is I have other box with Cacti software for monitoring and there I specifically check "no searching mode" and put DN format to bind with and that's it. Didn't specify any binding account at all and it's working like a charm! How do you think is that ? As I see this, when server wants to communicate with AD (for checking account existence) it will just use the account being entered by the user for authentication only. So I believe there's a way to do so, just I'm not sure how.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
unable to get ldap to bind to Active Directory server, but am able to ldapsearch kcorupe Linux - Server 2 08-03-2012 02:57 AM
[SOLVED] BIND + MS Active Directory ozk4r Linux - Enterprise 0 06-05-2006 06:31 PM
Fedora Core 4 and Wnidows Server 2003 Active Directory LDAP Bind Error cbtg2006 Linux - Networking 1 04-21-2006 06:50 AM
Active Directory Using Only BIND 9.2.3 pbb6275 Linux - Networking 0 01-18-2004 04:47 PM
Bind and Active Directory Touchstone Linux - Networking 0 01-08-2002 08:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration