Apache Active Directory Authentication

By makeaweli

January 21, 2011 - 1 minutes read - 107 words

AD and apache don’t play too well.

Make sure you have the following modules installed:

mod_ldap
mod_authz_ldap The following will allow you to authenticate all members of the Web Group:

AuthBasicProvider ldap AuthType Basic Order Allow,Deny Allow From All AuthName “Use your Active Directory account to login”

AuthLDAPURL “ldap://xxx.xxx.edu:3268/CN=Users,DC=xxx,DC=edu?sAMAccountName?sub?(objectClass=*)”

AuthLDAPBindDN xxx@xxx.edu AuthLDAPBindPassword “xxx” AuthLDAPGroupAttributeIsDN On

require ldap-group CN=Engineering - Web Group,CN=Users,DC=xxx,DC=edu </Location>

If you would like to authenticate all valid gemini users, replace <kbd>require ldap-group</kbd> with require valid-user. It is also possible to authenticate on a per user basis using <kbd>require ldap-user</kbd>.

### Resources

  * [Apache and Subversion authentication with Microsoft Active Directory][1]
  * [Apache Module mod\_authnz\_ldap][2]