Monday, November 25, 2013

Apache Active Directory authentication

If your Linux server is setup with AD authentiction you can add Apache AD auth as well.


AD LDAP authentication

Install OpenLDAP packages: 
yum -y install openldap-clients openldap-devel


Comment everything from /etc/openldap/ldap.conf except the following line:




TLS_REQCERT never




Make sure that you can run a simple LDAP query against domaincontroller.yourdomain.com




ldapsearch -x -LLL -D 'Igor Grinkin' -H ldaps://domaincontroller.yourdomain.com -W -b "CN=Domain Admins,CN=Users,DC=corp,DC=yourdomain,DC=com" -L cn=*









Modify vhost.





<Directory "/usr/share/icinga/">
   Options None
   AllowOverride All
   Order allow,deny
   Allow from all
   AuthName "Please enter your Corp AD credentials"
   AuthType Basic
   AuthLDAPURL "ldap://domaincontroller.yourdomain.com:389/OU=YourDomain,DC=corp,DC=domaincontroller,DC=com?samAccountName?sub?(objectCategory=person)"
   AuthLDAPBindDN "cn=joinaccount,CN=Users,DC=corp,DC=yourdomain,DC=com"
   AuthLDAPBindPassword "joinaccount password"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative off
   Require valid-user
</Directory>














Posted by



at





No comments:
  


































          

        

          

        

Monday, November 04, 2013


          

        

















Chef OS versions fork 

On CentOS-5.8 the service is portmap.  In CentOS-6.4 it got obsolete and replaced by rpcbind.  Here is the case statement for Chef.





# Start portmap or rpcbind
service "port" do
  case node["platform_version"]
    when "5.8"
      service_name "portmap"
    when "6.4"
      service_name "rpcbind"
  end
  action [ :start, :enable ]
end











Posted by



at





No comments:
  


































        

      









Subscribe to:
Posts (Atom)