Configure Apache 2.2 to authenticate against OpenLDAP or Active Directory

Sample AD config:

LDAPTrustedMode SSL
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ms_cert.pem
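# Off disables verification of the LDAP server's certificate, so the CA loaded
# above is not enforced; set this to On once ms_cert.pem holds the issuing CA.
LDAPVerifyServerCert Off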

Alias /adauth /var/www/html/adauth

<Directory "/var/www/html/adauth">
 SSLRequireSSL
 Options None
 AllowOverride AuthConfig
 Allow from all
 AuthName "AD Auth Access"
 AuthType Basic
 AuthBasicProvider ldap
 AuthLDAPUrl "ldaps://adauth.example.org/ou=Org,dc=example,dc=org?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))"
 AuthLDAPBindDN "CN=AD Service Account,OU=service accounts,ou=Org,dc=example,dc=org"
 AuthLDAPBindPassword "password"
 AuthzLDAPAuthoritative off
 require valid-user
</Directory>

Note that if you are using require ldap-* directives, you should set AuthzLDAPAuthoritative to on so that control is not passed to mod_authz_user.
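A variant of the sample above that authorizes by group membership and follows the note about AuthzLDAPAuthoritative, as an added example that is not part of the original notes. The /adgroup alias, its directory path and the group DN CN=WebUsers,OU=Groups are hypothetical placeholders; everything else is copied from the sample.

```apache
# Server-wide settings (server config context)
LDAPTrustedMode SSL
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ms_cert.pem
# Verify the domain controller's certificate against the CA loaded above
LDAPVerifyServerCert On

# Hypothetical alias and path for this example
Alias /adgroup /var/www/html/adgroup

<Directory "/var/www/html/adgroup">
 SSLRequireSSL
 Options None
 AllowOverride AuthConfig
 Allow from all
 AuthName "AD Group Access"
 AuthType Basic
 AuthBasicProvider ldap
 AuthLDAPUrl "ldaps://adauth.example.org/ou=Org,dc=example,dc=org?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))"
 AuthLDAPBindDN "CN=AD Service Account,OU=service accounts,ou=Org,dc=example,dc=org"
 # Placeholder value, as in the sample above
 AuthLDAPBindPassword "password"
 # A require ldap-* line is in use, so the decision stays in mod_authnz_ldap
 # and is not passed on to mod_authz_user
 AuthzLDAPAuthoritative on
 # AD lists group members as full DNs in the "member" attribute
 AuthLDAPGroupAttribute member
 AuthLDAPGroupAttributeIsDN on
 # Hypothetical group DN; do not quote it. Apache 2.2 matches direct members
 # only, nested groups are not followed.
 require ldap-group CN=WebUsers,OU=Groups,ou=Org,dc=example,dc=org
</Directory>
```

With AuthzLDAPAuthoritative on, a user who authenticates successfully but is not a member of the group is denied rather than handed to another authorization module.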