Monday, July 24, 2006
Apache 2.2 - Active Directory authentication
Using ldap_module for Apache to authenticate against an Active Directory Server
I recently configured our intranet site to use Active Directory for authentication/authorization. Though I found a number of conflicting mail threads, postings on the web, here's the configuration that worked for me. I was doing this with my Apache server on Windows 2003, however it would also apply to an apache installation on linux just as is.
First load the two apache modules required for ldap authentication:
LoadModule ldap_module modules/util_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
Now edit your httpd.conf file as follows.
Simply change the lines in bold according to your environment.
Deny from all
# This must be set to off for the ldap "require valid-user" directive to work.
# Do basic password authentication in the clear
# The name of the protected area or "realm"
AuthName "Secured Area"
# Active Directory requires an authenticating DN to access records
AuthLDAPBindDN "CN=Existing User,CN=users,DC=yourcompany,DC=com"
# This is the password for the AuthLDAPBindDN user in Active Directory
# The LDAP query URL