|
|
@@ -0,0 +1,140 @@
|
|
|
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
|
+ <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
|
+ <head>
|
|
|
+ <title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
|
|
|
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
|
+ <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
|
|
|
+ <script type="text/javascript">
|
|
|
+ $(function(){
|
|
|
+ $('textarea').each(function(i,e){
|
|
|
+ theTextarea = $(this);
|
|
|
+ theTextarea.height((theTextarea[0].scrollHeight-5) +'px');
|
|
|
+ });
|
|
|
+
|
|
|
+ $('li').each(function(i,e){
|
|
|
+ var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
|
|
|
+ $(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
|
|
|
+ $(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
|
|
|
+ });
|
|
|
+
|
|
|
+ $('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
|
|
|
+ theElement = $(this);
|
|
|
+ var lines = theElement.html().split("\n");
|
|
|
+ theElement.empty();
|
|
|
+ for(l=0;l<lines.length;l++){
|
|
|
+ if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
|
|
|
+ theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ lines[l].replace(/"/g, '"') +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
|
|
|
+ } else {
|
|
|
+ theElement.append(lines[l]);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.copy-text',function(){
|
|
|
+ theButton = $(this);
|
|
|
+ $('input.copy-text').attr('src','images/clipboard.png');
|
|
|
+ $('span.copy-animation').removeClass('copy-animation');
|
|
|
+ try {
|
|
|
+ $('#'+ theButton.attr('rel')).addClass('copy-animation');
|
|
|
+ navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
|
|
|
+ theButton.attr('src','images/clipboard_active.png');
|
|
|
+ } catch(err) {
|
|
|
+ }
|
|
|
+ return false;
|
|
|
+ });
|
|
|
+
|
|
|
+ $(document).on('click','input.completeBox',function(){
|
|
|
+ theBox = $(this);
|
|
|
+ $('#'+ theBox.attr('rel')).addClass('strikethrough');
|
|
|
+ theBox.prop('disabled',true);
|
|
|
+ theBox.parent('li').prevAll().each(function(i,e){
|
|
|
+ theLI = $(this);
|
|
|
+ if(theLI.find('input[type=checkbox]').not(':checked')){
|
|
|
+ $('#'+ theLI.find('input[type=checkbox]').attr('rel')).addClass('strikethrough');
|
|
|
+ theLI.find('input[type=checkbox]').prop('checked',true).prop('disabled',true);
|
|
|
+ }
|
|
|
+ });
|
|
|
+ });
|
|
|
+
|
|
|
+ if(window.self !== window.top){
|
|
|
+ window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
|
|
|
+ }
|
|
|
+ });
|
|
|
+ </script>
|
|
|
+ <link href="css/steps.css" rel="stylesheet" type="text/css" />
|
|
|
+ </head>
|
|
|
+ <body>
|
|
|
+ <div id="gridContainer">
|
|
|
+ <div class="topMargin"></div>
|
|
|
+ <div id="listName" class="topMargin">
|
|
|
+ <h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
|
|
|
+ </div>
|
|
|
+ <div></div>
|
|
|
+ <div id="content">
|
|
|
+ <h2>Active Directory Setup</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Open Active Directory Users and Computers</li>
|
|
|
+ <li>Expand the domain > Users</li>
|
|
|
+ <li>Right Click Users > New > User</li>
|
|
|
+ <li>Create a read only account to use for LDAP binding<br />
|
|
|
+ First Name: Read<br />
|
|
|
+ Last Name: Only<br />
|
|
|
+ User logon name: readonly_svc</li>
|
|
|
+ <li>Click Next</li>
|
|
|
+ <li>Set the user's password and confirm it</li>
|
|
|
+ <li>Uncheck User must change password on next logon</li>
|
|
|
+ <li>Check User cannot change password</li>
|
|
|
+ <li>Check Password never expires</li>
|
|
|
+ <li>Click Next</li>
|
|
|
+ <li>Click Finish</li>
|
|
|
+ <li>Right Click Users > New > Group</li>
|
|
|
+ <li>Give the group a name and click OK</li>
|
|
|
+ <li>Right Click the newly created group > Properties</li>
|
|
|
+ <li>Select the Members tab > Click Add...</li>
|
|
|
+ <li>Add users that will be allowed access to the web application</li>
|
|
|
+ <li>Click OK</li>
|
|
|
+</ol>
|
|
|
+
|
|
|
+<h2>Configuring Apache HTTPD for LDAP</h2>
|
|
|
+
|
|
|
+<ol>
|
|
|
+ <li>Navigate to the Apache install directory/conf in Explorer</li>
|
|
|
+ <li>Edit httpd.conf in a text editor</li>
|
|
|
+ <li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
|
|
|
+ <p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
|
|
|
+ </li>
|
|
|
+ <li>Find the ldap_module and make sure it is enabled by removing the # at the start of the line
|
|
|
+ <p>LoadModule ldap_module modules/mod_ldap.so</p>
|
|
|
+ </li>
|
|
|
+ <li>Create a Location block to enable LDAP authentication for the specified directory
|
|
|
+ <p><location ldaptest=""><br />
|
|
|
+ # Basic authentication with LDAP against MS AD<br />
|
|
|
+ AuthType Basic<br />
|
|
|
+ AuthBasicProvider ldap<br />
|
|
|
+ <br />
|
|
|
+ # AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
|
|
|
+ # using this format: ldap://host:port/basedn?attribute?scope?filter<br />
|
|
|
+ AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE<br />
|
|
|
+ <br />
|
|
|
+ # The LDAP bind username and password<br />
|
|
|
+ AuthLDAPBindDN "readonly_svc@i12bretro.local"<br />
|
|
|
+ AuthLDAPBindPassword "Read0nly!!"<br />
|
|
|
+ LDAPReferrals Off<br />
|
|
|
+ AuthUserFile /dev/null<br />
|
|
|
+ <br />
|
|
|
+ AuthName "Restricted Area [i12bretro.local]"<br />
|
|
|
+ # to authenticate a domain group, specify the full DN<br />
|
|
|
+ AuthLDAPGroupAttributeIsDN on<br />
|
|
|
+ require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local</location></p>
|
|
|
+ </li>
|
|
|
+ <li>Save httpd.conf</li>
|
|
|
+ <li>Restart the Apache service</li>
|
|
|
+ <li>Open a browser and navigate to the LDAP authenticated URL</li>
|
|
|
+ <li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
|
|
|
+</ol>
|
|
|
+ </div>
|
|
|
+ </div>
|
|
|
+ </body>
|
|
|
+ </html>
|
|
|
+
|
i12bretro