You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Mark H. Wood" <mw...@IUPUI.Edu> on 2009/03/02 15:42:47 UTC
Re: [users@httpd] Re: Confused about LDAP authentication with
Active Directory
I've forgotten whether there was some special complicating factor in
the original request. This works here with 2.2.10:
AuthType Basic
AuthBasicProvider ldap
AuthName "ADS"
AuthBasicAuthoritative On
AuthLDAPURL "ldap://domain controller list/ou=Accounts,dc=ads,dc=iu,dc=edu?CN?one" STARTTLS
AuthLDAPBindDN "CN=initial bind user,OU=IN-ULib,OU=Accounts,DC=ads,DC=iu,DC=edu"
AuthLDAPBindPassword "secret password here"
AuthzLDAPAuthoritative Off
AuthLDAPGroupAttribute member
Require ldap-group cn=IN-ULib-Admins,ou=IN-ADMINS,ou=IN,dc=ADS,dc=IU,dc=Edu
I'm sure that some of that is debris from trying various things to
make it work, which I'm now scared to touch. :-/ Adjust the Require
directive, "domain controller list", "initial bind user", "secret
password here" and various DNs as needed.
--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.
[users@httpd] Re: Confused about LDAP authentication with Active Directory
Posted by Ed Avis <ed...@waniasset.com>.
Mark H. Wood <mwood <at> IUPUI.Edu> writes:
>I've forgotten whether there was some special complicating factor in
>the original request.
Probably not - just my inability to translate the directory structure as seen in
the browser into a query string. But in the end I found that Apache2::MSAD does
the job with a lot less fuss by just sending the username and password straight
to Active Directory (no searches needed).
Since I just want to authenticate, and not grant permissions based on Windows
user groups, this works perfectly. See
<http://article.gmane.org/gmane.comp.apache.user/82644>.
--
Ed Avis <ed...@waniasset.com>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org