
Authenticate Apache Against Active Directory (SSO) – Eponymous LDAP Bind

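# --- httpd.conf: load the third-party mod_authz_ldap module ---------------
# The AuthzLDAP* directives below belong to this module; they are not the
# directives of the mod_authnz_ldap module shipped with httpd.
LoadModule authz_ldap_module modules/mod_authz_ldap.so

# --- Protected directory ---------------------------------------------------
# Quotes must be plain ASCII (") — typographic quotes are taken literally by
# the config parser and become part of the value.
<Directory "/var/www/html">

# Basic auth only base64-encodes "user:password" on every request; publish this
# directory on a TLS virtual host only (mod_ssl's SSLRequireSSL inside this
# block enforces that) so the user's domain password is not readable on the
# wire.
AuthType Basic

# What the users will see as the "title" of the login prompt:
AuthName "Domain Credentials Required"

# use plain LDAP authentication:
AuthzLDAPMethod ldap

# FQDN resolvable hostname (or IP) of the Windows AD domain controller.
# A plain-LDAP connection carries the bind password (and the web user's
# credentials when verified against the DC) unencrypted; prefer LDAPS /
# StartTLS if this module and the DC support it — check the module's TLS
# settings for the version in use.
AuthzLDAPServer 192.168.1.67

# Distinguished Name (DN) of the user that mod_authz_ldap should
# bind to the LDAP server as when searching for the domain user
# provided by the web client (Active Directory does not allow
# anonymous binds). Note, the cn attribute corresponds to the
# "Display Name" field of a user's account in the Active Directory
# Users and Computers tool, not their login username.
# Use a dedicated, read-only service account here: it only needs to
# search the user base, so give it no further privileges.
AuthzLDAPBindDN "cn=pilio_ad1,cn=Users,dc=contoso,dc=msft"

# the BindDN user's password (stored in clear text here — keep this file
# readable by root and the httpd user only, and rotate the account's password
# if the file is ever exposed):
AuthzLDAPBindPassword "xxxxx"

# LDAP Attribute where the user's domain login username is stored in:
AuthzLDAPUserKey sAMAccountName

# Base DN to begin searching for users from in the LDAP:
AuthzLDAPUserBase "cn=Users,dc=contoso,dc=msft"

# Search in sub-containers below the UserBase DN if
# necessary (most likely):
AuthzLDAPUserScope subtree

# Require the username and password provided to be a valid
# user in the AD. Note that valid-user admits every account in the
# search base, including service and disabled-but-still-binding accounts;
# narrow it to a group or explicit user list if this content is not meant
# for the whole domain.
require valid-user

# log verbosity level (info records each authentication attempt, which is
# useful for spotting brute-force or lockout patterns against the DC):
AuthzLDAPLogLevel info

</Directory>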


