
Apache with LDAP authentication (Active Directory)

Apache can restrict access to websites (and subdirectories within websites) to users that exist in Active Directory. It can also require that users belong to a specific group. For example, if Sally exists in AD, she can log in to the Apache-served website.

<VirtualHost *:80>

 <Location />
  # Check HTTP Basic credentials against the directory
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Sample Realm"
  # Search the whole DC=mydomain,DC=local subtree for a matching sAMAccountName
  AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  # Apache 2.2 only; this directive no longer exists in 2.4
  AuthzLDAPAuthoritative off
  # Account Apache binds as in order to search the directory
  AuthLDAPBindDN "[email protected]"
  AuthLDAPBindPassword "MyPassword"
  AuthLDAPGroupAttributeIsDN on
  require valid-user
  # Consider restricting to a group
  #require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
 </Location>

 LogLevel debug
 ServerAdmin [email protected]
 DocumentRoot /var/www/html/mywebsite
 ServerName mywebsite.local
 ErrorLog logs/mywebsite.logs
 CustomLog logs/mywebsite.logs common

</VirtualHost>

You must make sure the "mod_authnz_ldap" module is enabled; it is enabled by default on a Red Hat Enterprise Linux server.
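A small audit of the configuration above, as an added example that is not part of the original page: it splits the AuthLDAPURL value into its parts and flags Basic auth on port 80, an unencrypted ldap:// connection, a literal bind password, and `require valid-user` without the group restriction the page suggests. The finding names, the `BIND_ACCOUNT_PLACEHOLDER` value and the port-80 heuristic are assumptions of this example.

```python
import shlex
from urllib.parse import urlsplit
# Constructed sample mirroring the vhost above; the bind account is a placeholder.
SAMPLE = """\
<VirtualHost *:80>
 <Location />
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "BIND_ACCOUNT_PLACEHOLDER"
  AuthLDAPBindPassword "MyPassword"
  require valid-user
 </Location>
</VirtualHost>
"""

def directives(conf):
    """Map each lowercased directive or section name to a list of its argument lists."""
    found = {}
    for line in conf.splitlines():
        line = line.strip().strip("<>")
        if line and not line.startswith(("#", "/")):  # skip comments and closing tags
            name, *args = shlex.split(line)
            found.setdefault(name.lower(), []).append(args)
    return found

def parse_ldap_url(url):
    """Split an AuthLDAPURL value: scheme://host:port/basedn?attribute?scope?filter."""
    u = urlsplit(url)
    attr, scope, flt = (u.query.split("?") + ["", "", ""])[:3]
    return {"scheme": u.scheme, "host": u.hostname, "port": u.port,
            "base": u.path.lstrip("/"), "attr": attr, "scope": scope, "filter": flt}

def audit(conf):
    """Return finding codes (names are this example's own) for an LDAP Basic auth vhost."""
    d, out = directives(conf), []
    basic = any("basic" in map(str.lower, a) for a in d.get("authtype", []))
    if basic and any(x.endswith(":80") for a in d.get("virtualhost", []) for x in a):
        out.append("basic-auth-over-http")     # heuristic: port 80 means no TLS to the browser
    for url, *mode in d.get("authldapurl", []):
        secured = {m.upper() for m in mode} & {"SSL", "TLS", "STARTTLS"}
        if parse_ldap_url(url)["scheme"] != "ldaps" and not secured:
            out.append("ldap-cleartext")       # Apache-to-DC bind and search are unencrypted
    if any(a and not a[0].startswith("exec:") for a in d.get("authldapbindpassword", [])):
        out.append("bind-password-in-config")  # literal secret; httpd 2.4.5+ accepts exec:
    reqs = [a[0].lower() for a in d.get("require", []) if a]
    if "valid-user" in reqs and "ldap-group" not in reqs:
        out.append("any-directory-account")    # every account matching the filter gets in
    return out
```

The check only looks at the AuthLDAPURL scheme and mode argument, so a server-wide LDAPTrustedMode setting is not taken into account.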
