Problem autheticating Apache - LDAP - Active Directory using a AD group

Javier Palacios javiplx at gmail.com
Sun Nov 11 15:10:30 UTC 2007


On Nov 10, 2007 2:40 AM, Roderick Derks <redhat at r71.nl> wrote:
> Hi,
>
> Maybe someone overhere can help me with this issue. I'm trying to authenticate an apache website against an Active Directory LDAP service. I already got it working properly when I want to check if a user is in a certain container in the AD. But I want to change authentication using an AD group because users from other containers also need access.

If you're working against AD, the best you can do is to use kerberos
authentication instead of LDAP. The module for apache works perfectly,
and is much more powerful. You can, for example authenticate securely
by mean of kerberos credentials as you could do against an IIS server.

As far as I know, there is no problem stacking auth-kerberos with
ldap-authorization, you you can restrict access to members of
whichever AD group you want.

Javier Palacios




More information about the redhat-list mailing list