Posted to users@httpd.apache.org by Mark Fee <ma...@manning.nottingham.sch.uk> on 2006/11/17 12:47:21 UTC

[users@httpd] authenticate apache using mod_auth_ldap without prompting for password

I have a Debian sarge server running apache2 with mod_auth_ldap. I am
authenticating against Active Directory on a Win2K server.
I have managed to get this working, but the user has to type in a user 
name and password. All the users are browsing from Win2K or XP boxes, 
which are all running identd.

Is it possible to use identd to grab the user name and use it to perform
an LDAP lookup, without the browser (IE or Mozilla) prompting for user
name and password?

If so, is it safe to assume that if identd passes a uid then that is the
correct Windows user? I am operating within a secure network, so am not
worried about an outside attack, but could a student send a staff's uid
via an ident hack and gain access?

I could do this using php / perl to check before serving pages, but I'd 
prefer to do it via apache and keep the web pages simple.

Thanks,

Mark F


**** MY .htaccess file
AuthType Basic
AuthName "Test Authentication"

# DN of Active Directory server
AuthLDAPURL ldap://server/DC=server=uk?sAMAccountName

AuthLDAPBindDN "CN=ldap_lookup,OU=SysUsers,DC=myDC"
AuthLDAPBindPassword "xxxxxxxxx"

### currently only require valid user,
### will replace with group lookup later
require valid-user

