- Apache 2 (2.2.9) on Windows;
- MS Windows 2003 Server as Domain Controller;
- Active Directory.
I have succeeded with the next steps.
1. Create new active directory user in your domain with no specific rights (but not guest). For example, you give him name "ldap_query" and password "ldap_pass".
2. Edit your httpd.conf:
a) enable mod_authnz_ldap and mod_ldap
b) make your Directory section look like this (read the comments inside for explanation):
<Directory "D:/Your/Restricted/Web/Directory">
Options ExecCGI FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# now specify authentication type. We will use LDAP
AuthType Basic
AuthBasicProvider ldap
AuthName "Hello, use your Windows username and password"
# the next two lines describe how Apache should connect to LDAP.
# Active Directory doesn't allow anonymous access. This is where
# our ldap_query user plays.
AuthLDAPBindDN "ldap_query@your-domain-name"
AuthLDAPBindPassword "ldap_pass"
# now tell Apache where LDAP server is. It's probably the most difficult config line.
# note that we are connecting to 3268 port, though standard LDAP port is 389.
# Maybe it will work for you on port 389 too (in this case you can omit the port number).
# Well, assume your domain is your.domain.com, then
AuthLDAPURL "ldap://your-domain-controller-IP-address:3268/dc=your, dc=domain, dc=com?sAMAccountName?sub?(objectClass=*)"
AuthzLDAPAuthoritative Off
# Any user with valid credentials will be allowed.
Require valid-user
</Directory>
3. Restart Apache. It should be working now.
See Apache/logs/errors.log if something goes wrong.
Hope this helps.
No comments:
Post a Comment