OT: Apache Webpage authentication via MS AD

[McDougall, Marshall (FSH)]

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Paul Dwerryhouse
Sent: Wednesday, October 11, 2006 9:26 PM
To: redhat-list at redhat.com
Subject: Re: OT: Apache Webpage authentication via MS AD

On Wed, Oct 11, 2006 at 11:51:52AM -0500, McDougall, Marshall (FSH)
wrote:
> I want to secure a webpage running on an Apache 1.3.  I want to use MS
> active directory for authentication.  The AD is managed by an
outsourcer
> so I cannot change anything on that side.  I have looked at several
> Google results, but I have not seen one that jumps up and says that's
> the one.  

I believe active directory is just an LDAP server; how different it is
from regular LDAP, I don't know. But assuming it's similar, then you
should be able to use Apache's mod_auth_ldap to handle authentication.

Something like this in a Limit statement would probably do the trick:

AuthLDAPEnabled on
AuthLDAPURL
ldap://10.0.0.1/dc=domain,dc=com?uid?sub?(objectclass=person)
AuthLDAPBindDN cn=ldapuser,dc=domain,dc=com
AuthLDAPBindPassword s3cret
AuthType Basic
AuthName "MyPrivateArea"
AuthLDAPAuthoritative on
require valid-user

(where 10.0.0.1 is the IP address of the AD server, cn=ldapuser is a DN
that you can authenticate to the server with, and so on. I've never used
AD, so I have no idea what the format of these DNs will be. You'll
likely have to change the query options like uid and the objectclass).

Cheers,

Paul

-- 
Paul Dwerryhouse				| PGP Key ID: 0x6B91B584
========================================================================
A look at Ubuntu Server Edition:
http://nepotismia.com/review/ubuntu/server/6.06/


Thanks, Paul.  

Apache's mod_auth_ldap looks like it's only for Apache 2. The one at
http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html
keeps calling me back so I guess I'll start with that one and see what
that brings.

Regards, Marshall