Monday, November 25, 2013

Apache Active Directory authentication

If your Linux server is set up with AD authentication, you can add Apache AD authentication as well.


AD LDAP authentication

Install OpenLDAP packages:
yum -y install openldap-clients openldap-devel

Comment out every line in /etc/openldap/ldap.conf except the following one:

TLS_REQCERT never

Make sure that you can run a simple LDAP query against domaincontroller.yourdomain.com:

ldapsearch -x -LLL -D 'Igor Grinkin' -H ldaps://domaincontroller.yourdomain.com -W -b "CN=Domain Admins,CN=Users,DC=corp,DC=yourdomain,DC=com" -L cn=*


Modify the vhost:


<Directory "/usr/share/icinga/">
   Options None
   AllowOverride All
   Order allow,deny
   Allow from all
   # Realm string shown in the browser's credential prompt
   AuthName "Please enter your Corp AD credentials"
   AuthType Basic
   # host:port / base DN ? attribute to match the login name ? scope ? filter
   # (base DN uses the same corp.yourdomain.com suffix as the bind DN below)
   AuthLDAPURL "ldap://domaincontroller.yourdomain.com:389/OU=YourDomain,DC=corp,DC=yourdomain,DC=com?samAccountName?sub?(objectCategory=person)"
   # Service account used to search for the user before binding as that user
   AuthLDAPBindDN "cn=joinaccount,CN=Users,DC=corp,DC=yourdomain,DC=com"
   AuthLDAPBindPassword "joinaccount password"
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative off
   # Any account that can bind successfully is allowed in
   Require valid-user
</Directory>
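As an added example, not part of the original post, here is the same vhost rewritten for Apache 2.4 with the weak settings corrected: the plaintext ldap:// connection on port 389 becomes ldaps:// on 636 with server certificate verification enforced by mod_ldap, "Require valid-user" (any AD account can log in) becomes a group membership check, the bind password is read from a helper program instead of sitting in the config, and the directives removed in 2.4 (Order/Allow, AuthzLDAPAuthoritative) are dropped. The CA bundle path, the password helper script and the group DN are assumptions; adjust them to your environment.

```apacheconf
# --- server config context (outside any <VirtualHost>/<Directory>) ---
# Trust only the corporate CA that signed the domain controller's certificate
# (path is an assumption) and refuse connections whose cert does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/corp-ad-ca.pem
LDAPVerifyServerCert On

<Directory "/usr/share/icinga/">
   Options None
   AllowOverride All
   AuthName "Please enter your Corp AD credentials"
   AuthType Basic
   AuthBasicProvider ldap

   # LDAPS on 636; the attribute is sAMAccountName so users log in with
   # their short AD login name, same as in the original URL.
   AuthLDAPURL "ldaps://domaincontroller.yourdomain.com:636/OU=YourDomain,DC=corp,DC=yourdomain,DC=com?sAMAccountName?sub?(objectCategory=person)"

   # Low-privilege search account; the password comes from the first line of
   # stdout of a root-only helper script (exec: form needs Apache 2.4.5+,
   # script path is an assumption).
   AuthLDAPBindDN "CN=joinaccount,CN=Users,DC=corp,DC=yourdomain,DC=com"
   AuthLDAPBindPassword "exec:/usr/local/sbin/ad-bind-password"

   # AD stores group members as full DNs in the "member" attribute.
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on

   # Only members of this (assumed) group may reach Icinga. Do not add
   # "Require all granted" here: in 2.4 multiple Require lines are OR'ed
   # by default and that would let everyone through.
   Require ldap-group CN=Icinga Admins,OU=Groups,DC=corp,DC=yourdomain,DC=com
</Directory>
```

Test the result from a machine outside the group: Apache should answer 401 even with a valid AD password, and `apachectl -t` should report no errors, which confirms none of the 2.2-only directives survived.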
