Apache with LDAP authentication (Active Directory)

Apache can restrict access to websites (and subdirectories within websites) to users that exist in Active Directory. Apache can also require that users be in a specific group. For example, if Sally exists in AD, she can log into the website served by Apache.

<VirtualHost *:80>

 <Location />
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Sample Realm"
  # Search the whole domain subtree, matching the login name against sAMAccountName
  AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  # Apache 2.2 directive; it was removed in Apache 2.4
  AuthzLDAPAuthoritative off
  # Account that Apache binds as to search the directory
  AuthLDAPBindDN "apache_auth_user@mydomain.local"
  AuthLDAPBindPassword "MyPassword"
  AuthLDAPGroupAttributeIsDN on
  require valid-user
  # Consider restricting to a group
  #require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
 </Location>

 LogLevel debug
 ServerAdmin support@agix.local
 DocumentRoot /var/www/html/mywebsite
 ServerName mywebsite.local
 ErrorLog logs/mywebsite.logs
 CustomLog logs/mywebsite.logs common
</VirtualHost>

Make sure the “mod_authnz_ldap” module is enabled. It is enabled by default on a Red Hat Enterprise Linux server.
