Monday, July 24, 2006

Apache 2.2 - Active Directory authentication

Using ldap_module for Apache to authenticate against an Active Directory Server

I recently configured our intranet site to use Active Directory for authentication/authorization. Though I found a number of conflicting mail threads, postings on the web, here's the configuration that worked for me. I was doing this with my Apache server on Windows 2003, however it would also apply to an apache installation on linux just as is.
First load the two apache modules required for ldap authentication:

LoadModule ldap_module modules/
LoadModule auth_ldap_module modules/

Now edit your httpd.conf file as follows.
Simply change the lines in bold according to your environment.

<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Satisfy all
AuthBasicProvider ldap
# This must be set to off for the ldap "require valid-user" directive to work.
AuthzLDAPAuthoritative off
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "Secured Area"
# Active Directory requires an authenticating DN to access records
AuthLDAPBindDN "CN=Existing User,CN=users,DC=yourcompany,DC=com"
# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword "yourPasswordInClearText"
# The LDAP query URL
AuthLDAPURL "ldap://myADServer:389/cn=Users,dc=myCompany,dc=com?sAMAccountName?sub?(objectClass=user)"
require valid-user

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?