Apache Active Directory LDAP Authentification

With the authnz_ldap module apache is able to perform HTTP authentication trought an ldap directory server. This documentation explains the activation and configuration of this module in Debian Wheezy.

First activate the apache module authnz_ldap

Now you can configure ldap authentication in the apache configuration. The example below shows an ldap authentication for the directory /var/www/protected.

AuthLDAPBindDN “cn=myldapuser,ou=Security Users,dc=homelinux,dc=local”

User to use for the bind, in this case username is myldapuser and the user is located in the organisation unit “Security Users” in the domain component “homelinux.local”.

AuthLDAPBindPassword “verysecretpassword”

Password for the bind user

AuthLDAPURL “ldap://homelinux.local/ou=Managment,ou=Homelinux,dc=homelinux,dc=local?sAMAccountName”

Sets the ldap search parameters, in this case the ldap host is homelinux.local and the basedn is “ou=Managment,ou=Homelinux,dc=homelinux,dc=local”, the attrubte to search for is “sAMAccount”, that’s the logon name on windows ldap directory (active directory). Check the mod_authnz_ldap documentation for more information.

Require ldap-group CN=Managment,OU=Homelinux,DC=homelinux,DC=local

This directive specifies the ldap group whose members are allowed to access. In this case the group is “Managment” located in the organisation unit “Homelinux” in the domain component “homelinux.local”




Leave a Reply