| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 |
- <!DOCTYPE html>
- <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <meta charset="UTF-8">
- <meta name="keywords" content="web server,apache httpd,apache,web developer,system administrator,PHP,Active Directory,LDAP">
- <meta name="author" content="i12bretro">
- <meta name="description" content="Setting Up LDAP Authenticated Directory in Apache HTTPD">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
- <script type="text/javascript" src="includes/js/steps.js"></script>
- <link href="css/steps.css" rel="stylesheet" type="text/css" />
- </head>
- <body>
- <div id="gridContainer">
- <div class="topMargin"></div>
- <div id="listName" class="topMargin">
- <h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
- </div>
- <div></div>
- <div id="content">
- <p>In this quick video learn how to setup LDAP/Active Directory authentication on an Apache webserver to secure web based applications.</p>
- <h2>Active Directory Setup</h2>
- <ol>
- <li>Open Active Directory Users and Computers</li>
- <li>Expand the domain > Users</li>
- <li>Right Click Users > New > User</li>
- <li>Create a read only account to use for LDAP binding<br />
- First Name: Read<br />
- Last Name: Only<br />
- User logon name: readonly_svc</li>
- <li>Click Next</li>
- <li>Set the user's password and confirm it</li>
- <li>Uncheck User must change password on next logon</li>
- <li>Check User cannot change password</li>
- <li>Check Password never expires</li>
- <li>Click Next</li>
- <li>Click Finish</li>
- <li>Right Click Users > New > Group</li>
- <li>Give the group a name and click OK</li>
- <li>Right Click the newly created group > Properties</li>
- <li>Select the Members tab > Click Add...</li>
- <li>Add users that will be allowed access to the web application</li>
- <li>Click OK</li>
- </ol>
- <h2>Configuring Apache HTTPD for LDAP</h2>
- <ol>
- <li>Navigate to the Apache install directory/conf in Explorer</li>
- <li>Edit httpd.conf in a text editor</li>
- <li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
- <p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
- </li>
- <li>Find the ldap_module and make sure it is enabled by removing the # at the start of the line
- <p>LoadModule ldap_module modules/mod_ldap.so</p>
- </li>
- <li>Create a Location block to enable LDAP authentication for the specified directory
- <p><location /ldaptest><br />
- # Basic authentication with LDAP against MS AD<br />
- AuthType Basic<br />
- AuthBasicProvider ldap<br />
- <br />
- # AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
- # using this format: ldap://host:port/basedn?attribute?scope?filter<br />
- AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE<br />
- <br />
- # The LDAP bind username and password<br />
- AuthLDAPBindDN "readonly_svc@i12bretro.local"<br />
- AuthLDAPBindPassword "Read0nly!!"<br />
- LDAPReferrals Off<br />
- AuthUserFile /dev/null<br />
- <br />
- AuthName "Restricted Area [i12bretro.local]"<br />
- # to authenticate a domain group, specify the full DN<br />
- AuthLDAPGroupAttributeIsDN on<br />
- require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local<br />
- </location></p>
- </li>
- <li>Save httpd.conf</li>
- <li>Restart the Apache service</li>
- <li>Open a browser and navigate to the LDAP authenticated URL</li>
- <li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
- </ol>
- </div>
- </div>
- </body>
- </html>
-
|
