[rhn-users] httpd/mod_authz_ldap authentication against Active Directory
Carl Riches
riches at ms.washington.edu
Wed Oct 5 17:54:28 UTC 2005
On Wed, 5 Oct 2005, Alex Roberts wrote:
> Is anyone using mod_authz_ldap to authenticate users using MS Active
> Directory?

I did some testing with this, but ended up using PHP.

>
> My mod_authz_ldap config is this:
>
> <IfModule mod_authz_ldap.c>
>
> <Location /chat>
>
> AuthName "Web Chat"
> AuthzLDAPLogLevel debug
> AuthzLDAPEngine on
> AuthzLDAPSetAuthorization on
> AuthType Basic
> AuthzLDAPServer "lccnsxxx.americas.armstrong.com:389"
> AuthzLDAPUserBase "dc=americas,dc=armstrong,dc=com"
> AuthzLDAPBindDN "cn=_anonymous,cn=Users,dc=americas,dc=armstrong,dc=com"
> AuthzLDAPBindPassword "password"
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
> require valid-user
> Order deny,allow
>
> </Location>
> </IfModule>
>

I didn't change the mod_authz.conf file. Rather, I tested things by
modifying my personal .htaccess file. It looked like this:

# Carl Riches web pages
# access control file
# turn on SSL encryption
SSLRequireSSL
# I want to authenticate via LDAP/Active Directory
AuthzLDAPEngine on
# Set the authentication type and header
AuthName "Carl's web pages"
AuthType Basic
# Set the LDAP/AD authentication server
AuthzLDAPServer tripel.mscc.washington.edu:389
# "bind" to the LDAP directory (Windows AD) using a distinguished name (DN)
# build the DN from the UserBase string and the UserKey. A user name is
# a "CN" or common name. You can look this up using the csvde.exe command
# on a MS Windows server.
AuthzLDAPUserBase "CN=Users,DC=mscc,DC=washington,DC=edu"
AuthzLDAPUserKey cn
AuthzLDAPUserScope base
# force a login
require valid-user

Hope this helps,
Carl

Carl G. Riches
Software Engineer
Department of Mathematics
Box 354350 voice: 206-543-5082 or 206-616-3636
University of Washington fax: 206-543-0397
Seattle, WA 98195-4350 internet: riches at ms.washington.edu
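
An added example, not part of the original message or of mod_authz_ldap: a small audit of the two styles of configuration shown in this thread for three exposure points (Basic auth without SSLRequireSSL, an LDAP server on plaintext port 389, a bind password stored inline). The sample configs are constructed from the thread with placeholder host names, and the finding names are hypothetical labels chosen for this sketch.

```python
# Constructed samples modelled on the two configs in the thread; hosts are placeholders.
LOCATION_CONF = '''
<Location /chat>
AuthName "Web Chat"
AuthzLDAPEngine on
AuthType Basic
AuthzLDAPServer "ldap.example.com:389"
AuthzLDAPBindDN "cn=svc,cn=Users,dc=example,dc=com"
AuthzLDAPBindPassword "password"
AuthzLDAPUserKey sAMAccountName
require valid-user
</Location>
'''
HTACCESS = '''
# access control file
SSLRequireSSL
AuthzLDAPEngine on
AuthType Basic
AuthzLDAPServer ldap.example.com:389
AuthzLDAPUserKey cn
require valid-user
'''

def parse(text):
    """Map each directive name (lowercased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(('#', '<')):
            continue  # skip blanks, comments and container tags
        parts = line.split(None, 1)
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ''
        directives[parts[0].lower()] = arg
    return directives

def audit(text):
    """Return finding labels (hypothetical names) for one config fragment."""
    d = parse(text)
    findings = []
    # Basic auth only base64-encodes the password, so it needs TLS.
    # Assumption: TLS is enforced here, not by an enclosing vhost.
    if d.get('authtype', '').lower() == 'basic' and 'sslrequiressl' not in d:
        findings.append('basic-auth-without-sslrequiressl')
    # Port 389 is plaintext LDAP unless StartTLS is negotiated.
    if d.get('authzldapserver', '').endswith(':389'):
        findings.append('ldap-plaintext-port')
    # A service-account password stored in a config file.
    if 'authzldapbindpassword' in d:
        findings.append('bind-password-in-config')
    return findings
```

Note that SSLRequireSSL protects only the browser-to-Apache leg; the Apache-to-directory connection on port 389 is still flagged for the .htaccess sample.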