[Gllug] Authentication in apache2 against a Windows domain
Joel Bernstein
joel at fysh.org
Thu Jun 30 09:51:30 UTC 2005
On Thu, Jun 30, 2005 at 10:39:42AM +0100, Jon Dye wrote:
> Hi,
>
> Does anyone know if it is possible to set up Apache to authenticate users
> against a Windows domain controller?

Are you running Apache 2.x or 1.3.x?

There's mod_ntlm, which IIRC is Apache 1.x only but can auth against
your SMB password database in the same way as IIS can.

Do you run a Win2k+ domain with Active Directory for user auth? If so,
remember that AD is just an LDAP schema. So you could use mod_auth_ldap
or mod_auth_pam to auth against this.

auth_ldap against Active Directory would be your best option I think.
To get this working, first install mod_ldap and mod_auth_ldap into
Apache.

Then add to your httpd.conf something like:

    AuthLDAPAuthoritative on
    AuthType Basic
    Order allow,deny
    Allow from all
    AuthName "Restricted Area"
    AuthLDAPBindDN "CN=yourserviceacct,OU=yourOU,DC=ad,DC=uiuc,DC=edu"
    AuthLDAPBindPassword yoursecretpassword
    AuthLDAPURL ldap://yourldapserver:/OU=Organization,DC=ad,DC=yourADdomain?sAMAccountName?sub?(objectclass=*)
    require valid-user
You should be able to get LDAPS [LDAP over SSL] working if you need that
extra security.
/joel
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
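
Added example (not part of the original message, and not Apache's own code): a sketch of how the AuthLDAPURL above breaks down into host, base DN, attribute, scope and filter, and how the login name is combined with them into the search filter, with RFC 4515 escaping so the name cannot change the filter. The function names are made up for this example, and the defaults (uid, sub, (objectClass=*)) are the ones the Apache documentation gives for omitted fields.

```python
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# The URL from the message above, placeholders included (note the empty port).
PAGE_URL = ("ldap://yourldapserver:/OU=Organization,DC=ad,DC=yourADdomain"
            "?sAMAccountName?sub?(objectclass=*)")

def parse_auth_ldap_url(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into fields.
    IPv6 literals in brackets are not handled in this sketch."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # Missing trailing fields are padded so the defaults below apply.
    fields = (tail.split("?") + ["", "", ""])[:4]
    base_dn, attribute, scope, flt = (unquote(f) for f in fields)
    return {
        "tls": scheme == "ldaps",          # ldaps:// means LDAP over SSL
        "host": host,
        "port": int(port) if port else DEFAULT_PORTS[scheme],
        "base_dn": base_dn,
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }

def escape_filter_value(value):
    """RFC 4515: hex-escape the characters that have meaning in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_search_filter(cfg, username):
    """Filter used to find the user's DN before binding as that DN
    with the password the browser supplied."""
    flt = cfg["filter"]
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return "(&%s(%s=%s))" % (flt, cfg["attribute"],
                             escape_filter_value(username))

if __name__ == "__main__":
    cfg = parse_auth_ldap_url(PAGE_URL)
    print(cfg)
    print(build_search_filter(cfg, "jdye"))   # constructed login name
```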