[Gllug] Authentication in apache2 against a Windows domain

Joel Bernstein joel at fysh.org
Thu Jun 30 09:51:30 UTC 2005


On Thu, Jun 30, 2005 at 10:39:42AM +0100, Jon Dye wrote:
> Hi,
> 
> Does anyone know if it is possible to set up Apache to authenticate users 
> against a Windows domain controller?

Are you running Apache 2.x or 1.3.x?

There's mod_ntlm, which IIRC is Apache 1.x only but can auth against 
your SMB password database in the same way as IIS can.

Do you run a Win2k+ domain with Active Directory for user auth? If so,
remember that AD is just an LDAP schema. So you could use mod_auth_ldap
or mod_auth_pam to auth against this.

auth_ldap against Active Directory would be your best option I think.
To get this working, first install mod_ldap and mod_auth_ldap into
Apache.

Then add to your httpd.conf something like:

AuthLDAPAuthoritative on
AuthType Basic
Order allow,deny
Allow from all

AuthName "Restricted Area"
AuthLDAPBindDN "CN=yourserviceacct,OU=yourOU,DC=ad,DC=uiuc,DC=edu"
AuthLDAPBindPassword yoursecretpassword

AuthLDAPURL ldap://yourldapserver:/OU=Organization,DC=ad,DC=yourADdomain?sAMAccountName?sub?(objectclass=*)

require valid-user

You should be able to get LDAPS [LDAP over SSL] working if you need that
extra security.

/joel
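
Added example, not part of the message above: a Python check that parses an AuthLDAPURL of the form scheme://host:port/basedn?attribute?scope?filter and reports which parts of a mod_auth_ldap fragment deserve review before deployment. The names parse_ldap_url, audit and SAMPLE_CONF and the finding labels are made up for this example; the sample input reuses the placeholder values from the message.

```python
import re
from urllib.parse import unquote

# Constructed sample: directives from the message, placeholders left as they are.
SAMPLE_CONF = '''\
AuthType Basic
AuthLDAPBindDN "CN=yourserviceacct,OU=yourOU,DC=ad,DC=uiuc,DC=edu"
AuthLDAPBindPassword yoursecretpassword
AuthLDAPURL ldap://yourldapserver:/OU=Organization,DC=ad,DC=yourADdomain?sAMAccountName?sub?(objectclass=*)
require valid-user
'''
URL_RE = re.compile(r'^(ldaps?)://([^/:]*)(?::(\d*))?/([^?]*)\??(.*)$', re.I)

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into a dict."""
    m = URL_RE.match(url.strip().strip('"'))
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    attr, scope, filt = (rest.split('?', 2) + ['', '', ''])[:3]
    scheme = scheme.lower()
    # Empty fields fall back to the documented defaults (uid, sub, objectClass=*).
    return {'scheme': scheme, 'host': host,
            'port': int(port) if port else (636 if scheme == 'ldaps' else 389),
            'base': unquote(base), 'attribute': attr or 'uid',
            'scope': scope or 'sub', 'filter': filt or '(objectClass=*)'}

def audit(conf):
    """Return review findings for one mod_auth_ldap configuration fragment."""
    d = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith('#'):
            d[parts[0].lower()] = parts[1].strip()
    findings = []
    if 'authldapurl' in d:
        u = parse_ldap_url(d['authldapurl'])
        if u['scheme'] == 'ldap':
            findings.append('cleartext-ldap: ldap:// does not encrypt the bind to '
                            '%s:%d; use ldaps:// or add TLS' % (u['host'], u['port']))
        if u['filter'].lower() == '(objectclass=*)':
            findings.append('broad-filter: every entry under "%s" with a %s value '
                            'matches the search' % (u['base'], u['attribute']))
    if 'authldapbindpassword' in d:
        findings.append('stored-secret: bind password sits in the config file; '
                        'restrict read access and use a low-privilege account')
    if d.get('authtype', '').lower() == 'basic':
        findings.append('basic-auth: the browser sends the password with every '
                        'request; serve this area over HTTPS only')
    return findings
```

Running audit(SAMPLE_CONF) lists four findings; switching the URL to ldaps:// clears the first one.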