Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@alivesay
Created April 6, 2017 22:44
Show Gist options
  • Star 7 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save alivesay/b81cd86457a1590e0cfd49725494056c to your computer and use it in GitHub Desktop.
Save alivesay/b81cd86457a1590e0cfd49725494056c to your computer and use it in GitHub Desktop.
Apache reverse proxy with LDAP authentication against multiple Active Directory domains
<AuthnProviderAlias ldap auth1>
AuthLDAPURL "ldaps://auth1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "ldap_query"
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
<AuthnProviderAlias ldap auth2>
AuthLDAPURL "ldaps://auth2.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "ldap_query"
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
<AuthnProviderAlias ldap auth3>
AuthLDAPURL "ldaps://auth3.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "ldap_query"
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
<VirtualHost *:80>
ServerName proxy.example.com
ServerAdmin webmaster@example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://proxy.example.com
</VirtualHost>
<VirtualHost _default_:443>
ServerName proxy.example.com
ServerAdmin webmaster@example.com
SSLProxyEngine On
ProxyRequests Off
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
<Location />
ProxyPreserveHost On
ProxyPass https://backend.example.com:443/ nocanon
ProxyPassReverse https://backend.example.com:443/
SSLRequireSSL
AuthType Basic
AuthBasicProvider auth1 auth2 auth3
AuthName "Example"
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/proxy_example_com.pem
SSLCertificateKeyFile /etc/ssl/private/proxy_example_com.key
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
@markandaymaurya
Copy link

ldap authetication is not wirking .it asking for the user name and password when trying to access from the client machine . but when giving the active directory user name and password it given "internal server error "
can yuu help on this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment