http://blogs.dootdoot.com/mike

While browsing the Internet last night (avoiding doing my homework), I came across some useful information for Active Directory Authentication in Apache. While¬† I don’t have an immediate need or use for this, the idea is neat, so I thought I would save some code snippets for future use:

To allow users:

AuthType Basic
AuthName "Domain Credentials Required"
AuthBasicProvider ldap
AuthLDAPURL "ldap://your.domain.com:389/ou=SubContainer,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "cn=linux LDAP,ou=System Accounts,ou=Resources,dc=domain,dc=com"
AuthLDAPBindPassword "linux LDAP password"
AuthzLDAPAuthoritative off
Require valid-user

To allow specific users:

AuthType Basic
AuthName "Domain Credentials Required"
AuthBasicProvider ldap
AuthLDAPURL "ldap://your.domain.com:389/ou=SubContainer,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "cn=linux LDAP,ou=System Accounts,ou=Resources,dc=domain,dc=com"
AuthLDAPBindPassword "linux LDAP password"
AuthzLDAPAuthoritative on
Require ldap-user bob frank joe

To allow members of a group:

AuthType Basic
AuthName "Domain Credentials Required"
AuthBasicProvider ldap
AuthLDAPURL "ldap://your.domain.com:389/ou=SubContainer,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "cn=linux LDAP,ou=System Accounts,ou=Resources,dc=domain,dc=com"
AuthLDAPBindPassword "linux LDAP password"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN off
AuthzLDAPAuthoritative on
Require ldap-group "CN=Your Group,DC=domain,DC=com"
Require ldap-attribute memberOf="CN=Your Group,DC=domain,DC=com"

Comments

Leave a Reply