Apache can restrict access to websites (and subdirectories within websites) to users who exist in Active Directory. Apache can also require that users be in a specific group. For example, if Sally exists in AD, she can log into the Apache-served website.
<VirtualHost *:80>
    <Location />
        # Authenticate HTTP Basic credentials against LDAP (Active Directory)
        AuthBasicProvider ldap
        AuthType Basic
        AuthName "Sample Realm"
        # Search the whole subtree for an entry whose sAMAccountName matches the login name
        AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
        AuthzLDAPAuthoritative off
        # Account Apache binds as to look the user up before checking the user's password
        AuthLDAPBindDN "email@example.com"
        AuthLDAPBindPassword "MyPassword"
        AuthLDAPGroupAttributeIsDN on
        require valid-user
        #Consider restricting to a group
        #require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
    </Location>
    LogLevel debug
    ServerAdmin firstname.lastname@example.org
    DocumentRoot /var/www/html/mywebsite
    ServerName mywebsite.local
    ErrorLog logs/mywebsite.logs
    CustomLog logs/mywebsite.logs common
</VirtualHost>
You must make sure the “mod_authnz_ldap” module is enabled; it is enabled by default on a Red Hat Enterprise Linux server.
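A review check for the virtual host configuration above, as an added example that is not part of the original page: it flags Basic authentication on a virtual host without SSLEngine on, an ldap:// URL without a TLS mode, a literal bind password, and require valid-user. The function names, finding ids and the heuristic are assumptions of this example; the sample input is the page's configuration trimmed to its authentication directives.

```python
import shlex

# The page's configuration, trimmed to the auth directives (sample input for this example).
SAMPLE_CONF = '''
<VirtualHost *:80>
<Location />
AuthType Basic
AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindPassword "MyPassword"
require valid-user
#require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
</Location>
</VirtualHost>
'''

MESSAGES = {  # finding id (hypothetical names) -> what to change
    "basic-auth-no-tls": "AuthType Basic without SSLEngine on: passwords are only base64-encoded; serve over HTTPS",
    "ldap-cleartext": "ldap:// without SSL/TLS/STARTTLS mode: the bind to the directory is unencrypted",
    "bind-password-inline": "literal bind password: restrict file permissions or use exec: (Apache 2.4.5+)",
    "any-directory-user": "valid-user admits every account under the search base; require an ldap-group",
}

def parse_directives(conf):
    """Return (lowercased name, argument list) pairs; comments and closing tags are skipped."""
    lines = (l.strip() for l in conf.splitlines())
    words = [shlex.split(l.strip("<>")) for l in lines if l and not l.startswith(("#", "</"))]
    return [(w[0].lower(), w[1:]) for w in words if w]

def audit(conf):
    """Return the ids of the findings that apply to one virtual host (heuristic, not a full parser)."""
    d = parse_directives(conf)
    args = lambda name: [a for k, a in d if k == name and a]
    has = lambda name, value: any(a[0].lower() == value for a in args(name))
    found = []
    if has("authtype", "basic") and not has("sslengine", "on"):
        found.append("basic-auth-no-tls")
    for a in args("authldapurl"):
        mode = a[1].upper() if len(a) > 1 else ""  # optional second argument of AuthLDAPURL
        if a[0].lower().startswith("ldap://") and mode not in ("SSL", "TLS", "STARTTLS"):
            found.append("ldap-cleartext")
    if any(not a[0].startswith("exec:") for a in args("authldapbindpassword")):
        found.append("bind-password-inline")
    if has("require", "valid-user"):
        found.append("any-directory-user")
    return found

if __name__ == "__main__":
    print("\n".join(f"{i}: {MESSAGES[i]}" for i in audit(SAMPLE_CONF)))
```

TLS terminated by a proxy in front of Apache is not visible to this check, so treat the first finding as a prompt to confirm where HTTPS is enforced.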