0ct0pu5/tutorials
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

0037: Setting Up LDAP Authenticated Directory in Apache HTTPD

Browse source
This commit is contained in:
i12bretro 2021-01-03 13:24:33 -05:00
parent 8b7542e9b3
commit 754e3775c4
1 changed files with 140 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

140
0037.html Normal file
View file

@ -0,0 +1,140 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript">
$(function(){
$('textarea').each(function(i,e){
theTextarea = $(this);
theTextarea.height((theTextarea[0].scrollHeight-5) +'px');
});
$('li').each(function(i,e){
var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
$(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
$(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
});
$('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
theElement = $(this);
var lines = theElement.html().split("\n");
theElement.empty();
for(l=0;l<lines.length;l++){
if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ lines[l].replace(/"/g, '&quot;') +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
} else {
theElement.append(lines[l]);
}
}
});
$(document).on('click','input.copy-text',function(){
theButton = $(this);
$('input.copy-text').attr('src','images/clipboard.png');
$('span.copy-animation').removeClass('copy-animation');
try {
$('#'+ theButton.attr('rel')).addClass('copy-animation');
navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
theButton.attr('src','images/clipboard_active.png');
} catch(err) {
}
return false;
});
$(document).on('click','input.completeBox',function(){
theBox = $(this);
$('#'+ theBox.attr('rel')).addClass('strikethrough');
theBox.prop('disabled',true);
theBox.parent('li').prevAll().each(function(i,e){
theLI = $(this);
if(theLI.find('input[type=checkbox]').not(':checked')){
$('#'+ theLI.find('input[type=checkbox]').attr('rel')).addClass('strikethrough');
theLI.find('input[type=checkbox]').prop('checked',true).prop('disabled',true);
}
});
});
if(window.self !== window.top){
window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
}
});
</script>
<link href="css/steps.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="gridContainer">
<div class="topMargin"></div>
<div id="listName" class="topMargin">
<h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
</div>
<div></div>
<div id="content">
<h2>Active Directory Setup</h2>
<ol>
<li>Open Active Directory Users and Computers</li>
<li>Expand the domain &gt; Users</li>
<li>Right Click Users &gt; New &gt; User</li>
<li>Create a read only account to use for LDAP binding<br />
First Name: Read<br />
Last Name: Only<br />
User logon name: readonly_svc</li>
<li>Click Next</li>
<li>Set the user&#39;s password and confirm it</li>
<li>Uncheck User must change password on next logon</li>
<li>Check User cannot change password</li>
<li>Check Password never expires</li>
<li>Click Next</li>
<li>Click Finish</li>
<li>Right Click Users &gt; New &gt; Group</li>
<li>Give the group a name and click OK</li>
<li>Right Click the newly created group &gt; Properties</li>
<li>Select the Members tab &gt; Click Add...</li>
<li>Add users that will be allowed access to the web application</li>
<li>Click OK</li>
</ol>
<h2>Configuring Apache HTTPD for LDAP</h2>
<ol>
<li>Navigate to the Apache install directory/conf in Explorer</li>
<li>Edit httpd.conf in a text editor</li>
<li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
<p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
</li>
<li>Find the&nbsp;ldap_module and make sure it is enabled by removing the # at the start of the line
<p>LoadModule ldap_module modules/mod_ldap.so</p>
</li>
<li>Create a Location block to enable LDAP authentication for the specified directory
<p><location ldaptest=""><br />
&nbsp; &nbsp; # Basic authentication with LDAP against MS AD<br />
&nbsp; &nbsp; AuthType Basic<br />
&nbsp; &nbsp; AuthBasicProvider ldap<br />
<br />
&nbsp; &nbsp; # AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
&nbsp; &nbsp; # using this format: ldap://host:port/basedn?attribute?scope?filter<br />
&nbsp; &nbsp; AuthLDAPURL &quot;ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)&quot; NONE<br />
<br />
&nbsp; &nbsp; # The LDAP bind username and password<br />
&nbsp; &nbsp; AuthLDAPBindDN &quot;readonly_svc@i12bretro.local&quot;<br />
&nbsp; &nbsp; AuthLDAPBindPassword &quot;Read0nly!!&quot;<br />
&nbsp; &nbsp; LDAPReferrals Off<br />
&nbsp; &nbsp; AuthUserFile /dev/null<br />
<br />
&nbsp; &nbsp; AuthName &quot;Restricted Area [i12bretro.local]&quot;<br />
&nbsp; &nbsp; # to authenticate a domain group, specify the full DN<br />
&nbsp; &nbsp; AuthLDAPGroupAttributeIsDN on<br />
&nbsp; &nbsp; require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local</location></p>
</li>
<li>Save httpd.conf</li>
<li>Restart the Apache service</li>
<li>Open a browser and navigate to the LDAP authenticated URL</li>
<li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
</ol>
</div>
</div>
</body>
</html>