@shamil
Created October 9, 2013 12:57
Apache Active Directory Authentication howto

Modules Needed

mod_authz_ldap

Install mod_authz_ldap

yum install mod_authz_ldap

Verify Apache Config has Needed Modules

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so

Apache Group LDAP Configuration (Active Directory Group Level Auth)

AuthBasicProvider ldap 
AuthzLDAPAuthoritative On
AuthLDAPURL ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName
AuthLDAPBindDN cn=anonbinduser,dc=xx,dc=com
AuthLDAPBindPassword secret
AuthType Basic
AuthName "Authorization required"
require ldap-group cn=elite,ou=xx,dc=xx,dc=com
AuthzLDAPLogLevel debug
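
The AuthLDAPURL line above packs the server, search base and lookup attribute into one URL. The following is an added example, not part of the original gist: it decodes such a URL into the directory search Apache runs for a login and goes slightly beyond the URL shown by also handling the optional scope and filter fields. It assumes mod_authnz_ldap's documented layout (ldap://host:port/basedn?attribute?scope?filter) and defaults; the function names and the login name "jdoe" are made up for illustration.

```python
from urllib.parse import urlsplit, unquote

# Well-known Active Directory listener ports.
AD_PORTS = {389: "LDAP", 636: "LDAP over TLS",
            3268: "Global Catalog", 3269: "Global Catalog over TLS"}


def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters in a client-supplied value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def effective_search(auth_ldap_url, username):
    """Return the directory search a given AuthLDAPURL and login name produce.

    URL layout: ldap://host:port/basedn?attribute?scope?filter
    Documented defaults: attribute=uid, scope=sub, filter=(objectClass=*).
    """
    parts = urlsplit(auth_ldap_url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % auth_ldap_url)
    attribute, scope, ldap_filter = (parts.query.split("?") + ["", "", ""])[:3]
    attribute = attribute.split(",")[0] or "uid"   # only the first attribute is used
    scope = "one" if scope == "one" else "sub"     # anything else falls back to sub
    ldap_filter = unquote(ldap_filter) or "(objectClass=*)"
    if not ldap_filter.startswith("("):
        ldap_filter = "(%s)" % ldap_filter
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return {
        "host": parts.hostname,
        "port": port,
        "service": AD_PORTS.get(port, "unknown"),
        "base_dn": unquote(parts.path.lstrip("/")),
        "scope": scope,
        "filter": "(&%s(%s=%s))" % (ldap_filter, attribute,
                                    escape_filter_value(username)),
        # ldap:// carries the Basic-auth password to the directory unencrypted
        # unless STARTTLS is enabled elsewhere in the Apache configuration.
        "tls_from_scheme": parts.scheme == "ldaps",
    }


if __name__ == "__main__":
    # URL taken from the configuration above; "jdoe" is a constructed login name.
    url = "ldap://10.128.28.3:3268/dc=xx,dc=com?sAMAccountName"
    for key, value in effective_search(url, "jdoe").items():
        print("%-16s %s" % (key, value))
```

For the URL in this howto the result is a subtree search of dc=xx,dc=com on the Global Catalog port with the filter (&(objectClass=*)(sAMAccountName=jdoe)), and tls_from_scheme is False.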

Apache OU LDAP Configuration (Alternative OU Level Configuration)

  AuthName "Authorized Access Only"
  AuthType Basic
  AuthzLDAPMethod ldap
  AuthzLDAPServer 10.0.0.0:389
  AuthzLDAPBindDN "cn=anonbinduser,dc=xx,dc=com"
  AuthzLDAPBindPassword secret
  AuthzLDAPUserBase "OU=someOUwithUsersToAuthenticateAgainst,OU=xx,DC=xx,DC=com"
  AuthzLDAPUserKey sAMAccountName
  AuthzLDAPUserScope subtree

  require valid-user
  AuthzLDAPLogLevel debug