Apache Active Directory Authentication

2162949251_6a6b9bef6d_o

AD and apache don’t play too well.

Make sure you have the following modules installed:

  • mod_ldap
  • mod_authz_ldap

The following will allow you to authenticate all members of the Web Group:

<Location /phpmyadmin>
AuthBasicProvider ldap
AuthType Basic
Order Allow,Deny
Allow From All
AuthName "Use your Active Directory account to login"

AuthLDAPURL "ldap://xxx.xxx.edu:3268/CN=Users,DC=xxx,DC=edu?sAMAccountName?sub?(objectClass=*)"

AuthLDAPBindDN xxx@xxx.edu
AuthLDAPBindPassword "xxx"
AuthLDAPGroupAttributeIsDN On

require ldap-group CN=Engineering - Web Group,CN=Users,DC=xxx,DC=edu
</Location> 

If you would like to authenticate all valid gemini users, replace require ldap-group with require valid-user. It is also possible to authenticate on a per user basis using require ldap-user.

Resources