Mailing List Archive: Apache: Users

authentication against active directory.

Index | Next | Previous | View Threaded

cfmx07 at yahoo

Nov 19, 2009, 11:52 AM

Post #1 of 5 (524 views)
Permalink

authentication against active directory.

Hi,

I have a web site which I would want to allow only users after authenticating them against our Active Directory. I wanted to place .htaccess file in the main web folder

1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?

2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?

Thank you.

cfmx07 at yahoo

Nov 20, 2009, 6:19 AM

Post #2 of 5 (486 views)
Permalink

Re: authentication against active directory. [In reply to]

Hello,

Any solution to this ??

Thank you

________________________________
From: Ramesh <cfmx07 [at] yahoo>
To: users [at] httpd
Sent: Thu, November 19, 2009 1:52:36 PM
Subject: authentication against active directory.

Hi,

I have a web site which I would want to allow only users after authenticating them against our Active Directory. I wanted to place .htaccess file in the main web folder

1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?

2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?

Thank you.

covener at gmail

Nov 20, 2009, 6:25 AM

Post #3 of 5 (484 views)
Permalink

Re: Re: authentication against active directory. [In reply to]

On Fri, Nov 20, 2009 at 9:19 AM, Ramesh <cfmx07 [at] yahoo> wrote:

> Hello,
>
> Any solution to this ??
>

Get normal file-based auhentication working first, then add configuration
for mod_authnz_ldap and change your AuthBasicProvider to use it.
http://httpd.apache.org/docs/2.2/howto/auth.html
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

--
Eric Covener
covener [at] gmail

simon.walter at hokkaidotracks

Nov 22, 2009, 4:48 PM

Post #4 of 5 (462 views)
Permalink

Re: authentication against active directory. [In reply to]

Ramesh wrote:
> Hi,
>
> I have a web site which I would want to allow only users after
> authenticating them against our Active Directory. I wanted to place
> .htaccess file in the main web folder
>
> 1. Do I need to install "mod_authz_ldap" module ? And is there any
> other module which I would need to install ?
>
> 2. Also what should I mention in .htaccess file to ask it to
> authenticate users against my Active Directory ?
>
> Thank you.
>
>
>
Hi Ramesh,

You need to configure Apache to authenticate against your AD and this
has nothing to do with an .htaccess file. Yes, you need mod_authnz_ldap
and also mod_ldap. There are quite a few HOWTO type documents for doing
this on the web and describe this process fairly well. What I'd like to
do is authenticate over an encrypted TCP/IP session like SSL. I haven't
managed to get that working yet. Here the relative section of my Apache
vhost conf for non-SSL auth with AD:

...
<Location /projects>
...
Order deny,allow
Deny from all
Allow from all
AuthType Basic
AuthName "***"
AuthBasicProvider "ldap"
AuthLDAPURL
"ldap://***:3268/DC=***,DC=***?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN "***@***.***"
AuthLDAPBindPassword "***"
AuthzLDAPAuthoritative Off
require valid-user
</Location>
...

peter.de.groot at det

Nov 24, 2009, 5:54 PM

Post #5 of 5 (424 views)
Permalink

Re: authentication against active directory. [In reply to]

Have you had a look at ntlm auth

That is what I use.. and it works well.

I had to compile it myself though

<Files oncampuslogin.php>
AuthName "NTLM Authentication"
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
AuthType NTLM
require valid-user
</Files>

Simon Walter wrote:

Ramesh wrote:
Hi,

I have a web site which I would want to allow only users after authenticating them against our Active Directory. I wanted to place .htaccess file in the main web folder

1. Do I need to install "mod_authz_ldap" module ? And is there any other module which I would need to install ?

2. Also what should I mention in .htaccess file to ask it to authenticate users against my Active Directory ?

Thank you.

Hi Ramesh,

You need to configure Apache to authenticate against your AD and this has nothing to do with an .htaccess file. Yes, you need mod_authnz_ldap and also mod_ldap. There are quite a few HOWTO type documents for doing this on the web and describe this process fairly well. What I'd like to do is authenticate over an encrypted TCP/IP session like SSL. I haven't managed to get that working yet. Here the relative section of my Apache vhost conf for non-SSL auth with AD:

...
<Location /projects>
...
Order deny,allow
Deny from all
Allow from all
AuthType Basic
AuthName "***"
AuthBasicProvider "ldap"
AuthLDAPURL "ldap://***:3268/DC=***,DC=***?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN "***@***.***"
AuthLDAPBindPassword "***"
AuthzLDAPAuthoritative Off
require valid-user
</Location>
...

--
http://egc.wa.edu.au"]
Peter de Groot
Eastern Goldfields College
Kalgoorlie 6430
Department of Education and Training
Phone 90801800 Fax 90801866 Mob 0418915312
http://det.wa.edu.au"]

Attachments:

EGC_logo.gif (2.29 KB)

COLOUR DEPT LOGO Landscape_email.gif (7.35 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads