
Apache with LDAP authentication (Active Directory)

Apache can restrict access to websites (and subdirectories within them) to users who exist in Active Directory. It can also require that those users belong to a specific group. For example, if Sally exists in AD, she can log into the website served by Apache.

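<VirtualHost *:80>

 <Location />
  # Basic auth over plain HTTP (port 80) and ldap:// both carry the password unencrypted
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Sample Realm"
  # Search the whole domain (sub) and match the login name against sAMAccountName
  AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  # Apache 2.2 directive; it was removed in Apache 2.4 and must be deleted there
  AuthzLDAPAuthoritative off
  # Account Apache binds as to look users up; this file holds its password in clear text
  AuthLDAPBindDN "apache_auth_user@mydomain.local"
  AuthLDAPBindPassword "MyPassword"
  AuthLDAPGroupAttributeIsDN on
  # Any user who authenticates successfully against AD is allowed in
  require valid-user
  # Consider restricting to a group
  #require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
 </Location>

 # debug logging helps while testing the LDAP bind; lower it once the setup works
 LogLevel debug
 ServerAdmin support@agix.local
 DocumentRoot /var/www/html/mywebsite
 ServerName mywebsite.local
 ErrorLog logs/mywebsite.logs
 CustomLog logs/mywebsite.logs common
</VirtualHost>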

Make sure the “mod_authnz_ldap” module is enabled; it is enabled by default on a Red Hat Enterprise Linux server.
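
A hardened variant of the configuration above, as an added example that is not part of the original post: it uses Apache 2.4 syntax, serves the site over TLS, talks to Active Directory over LDAPS and restricts access to the group. The certificate and CA paths, the password helper script and the log file names are assumptions, and mod_ssl and mod_ldap must be loaded alongside mod_authnz_ldap.

```apache
# Added example, Apache 2.4 syntax. Paths and file names below are assumed placeholders.

# Server-level (outside any VirtualHost): trust the CA that issued the
# domain controller's certificate and refuse unverified LDAP servers.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert On

# Plain HTTP only redirects, so Basic credentials are never sent unencrypted.
<VirtualHost *:80>
  ServerName mywebsite.local
  Redirect permanent / https://mywebsite.local/
</VirtualHost>

<VirtualHost *:443>
  ServerName mywebsite.local
  ServerAdmin support@agix.local
  DocumentRoot /var/www/html/mywebsite

  SSLEngine on
  SSLCertificateFile    /etc/pki/tls/certs/mywebsite.crt
  SSLCertificateKeyFile /etc/pki/tls/private/mywebsite.key

  <Location />
    AuthType Basic
    AuthName "Sample Realm"
    AuthBasicProvider ldap
    # ldaps:// on port 636 encrypts both the service bind and the user's bind
    AuthLDAPURL "ldaps://ldap.mydomain.local:636/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "apache_auth_user@mydomain.local"
    # Apache 2.4.5+: the first line printed by this (hypothetical) helper is
    # used as the password, keeping it out of the configuration file
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-pass"
    AuthLDAPGroupAttributeIsDN on
    # AuthzLDAPAuthoritative is gone in 2.4; group membership is enforced here.
    # The DN is the one from the post; replace it with the group's real DN.
    Require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
  </Location>

  # Debug logging is for troubleshooting only
  LogLevel warn
  ErrorLog logs/mywebsite_error.log
  CustomLog logs/mywebsite_access.log common
</VirtualHost>
```

The bind account only needs to search the directory and compare group membership, so it should be an unprivileged AD account, and the helper script should be readable only by root.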
