You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Mark H. Wood" <mw...@IUPUI.Edu> on 2009/03/02 15:42:47 UTC

Re: [users@httpd] Re: Confused about LDAP authentication with Active Directory

I've forgotten whether there was some special complicating factor in
the original request.  This works here with 2.2.10:

AuthType                Basic
AuthBasicProvider       ldap
AuthName                "ADS"

AuthBasicAuthoritative  On

AuthLDAPURL		"ldap://domain controller list/ou=Accounts,dc=ads,dc=iu,dc=edu?CN?one" STARTTLS
AuthLDAPBindDN		"CN=initial bind user,OU=IN-ULib,OU=Accounts,DC=ads,DC=iu,DC=edu"
AuthLDAPBindPassword    "secret password here"
AuthzLDAPAuthoritative  Off
AuthLDAPGroupAttribute  member

Require ldap-group	cn=IN-ULib-Admins,ou=IN-ADMINS,ou=IN,dc=ADS,dc=IU,dc=Edu

I'm sure that some of that is debris from trying various things to
make it work, which I'm now scared to touch. :-/  Adjust the Require
directive, "domain controller list", "initial bind user", "secret
password here" and various DNs as needed.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
Friends don't let friends publish revisable-form documents.

[users@httpd] Re: Confused about LDAP authentication with Active Directory

Posted by Ed Avis <ed...@waniasset.com>.

Mark H. Wood <mwood <at> IUPUI.Edu> writes:

>I've forgotten whether there was some special complicating factor in
>the original request.

Probably not - just my inability to translate the directory structure as seen in
the browser into a query string.  But in the end I found that Apache2::MSAD does
the job with a lot less fuss by just sending the username and password straight
to Active Directory (no searches needed).

Since I just want to authenticate, and not grant permissions based on Windows
user groups, this works perfectly.  See
<http://article.gmane.org/gmane.comp.apache.user/82644>.

-- 
Ed Avis <ed...@waniasset.com>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org