0ct0pu5
/
tutorials


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
							    <!DOCTYPE html>
    <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <meta charset="UTF-8">
        <meta name="keywords" content="web server,apache httpd,apache,web developer,system administrator,PHP,Active Directory,LDAP">
        <meta name="author" content="i12bretro">
        <meta name="description" content="Setting Up LDAP Authenticated Directory in Apache HTTPD">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
								  <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
				        <script type="text/javascript">
          $(function(){
            $('textarea').each(function(i,e){
              theTextarea = $(this);
              theTextarea.height((theTextarea[0].scrollHeight-5) +'px');
            });

            $('li').each(function(i,e){
							if(!$(this).hasClass('noCheckbox')){
								var uuid = 'li_' + Math.floor(Math.random() * Math.floor(1000000)).toString() + '_' + i.toString();
								$(this).contents().wrap('<span id="'+ uuid +'"><label for="cb_'+ uuid +'"></label></span>');
								$(this).prepend('<input type="checkbox" class="completeBox" id="cb_' + uuid +'" rel="'+ uuid +'" />')
							}
            });

            $('code,div.codeBlock,textarea.codeBlock').each(function(i,e){
              theElement = $(this);
              var lines = theElement.html().split("\n");
              theElement.empty();
              for(l=0;l<lines.length;l++){
                if($.trim(lines[l]) != '' && $.trim(lines[l]).substr(0,1) != '#' && $.trim(lines[l]).indexOf(' #') == -1 && lines[l].substr(0, 4).toUpperCase() != 'REM '){
									                  theElement.append('<input type="image" src="images/clipboard.png" value="" class="copy-text" rel="copy_'+ i +'_'+ l +'" data-clipboard-text="'+ $.trim(lines[l].replace(/"/g, '&quot;')) +'" /><span id="copy_'+ i +'_'+ l +'">'+ lines[l] +'</span>');
									                } else {
                  theElement.append(lines[l]);
                }
              }
            });

            $(document).on('click','input.copy-text',function(){
              theButton = $(this);
														$('input.copy-text').attr('src','images/clipboard.png');
							              $('span.copy-animation,span.copy-animation-ps').removeClass('copy-animation copy-animation-ps');
              try {
                if($('#'+ theButton.attr('rel')).parent('div').hasClass('PS')){
                  $('#'+ theButton.attr('rel')).addClass('copy-animation-ps');
								} else if($('#'+ theButton.attr('rel')).parent('div').hasClass('CMD')){
									$('#'+ theButton.attr('rel')).addClass('copy-animation-cmd');
                } else {
                  $('#'+ theButton.attr('rel')).addClass('copy-animation');
                }
                navigator.clipboard.writeText(theButton.data('clipboard-text').replace(/<[^>]*>?/gm, ''));
																theButton.attr('src','images/clipboard_active.png');
								              } catch(err) {
              }
              return false;
            });

            $(document).on('click','input.completeBox',function(){
              theBox = $(this);
              $('#'+ theBox.attr('rel')).addClass('strikethrough');
              theBox.prop('disabled',true);
              theBox.parent('li').prevAll().each(function(i,e){
                theLI = $(this);
                if(theLI.find('input[type=checkbox]').not(':checked')){
                  $('#'+ theLI.find('input[type=checkbox]').attr('rel')).addClass('strikethrough');
                  theLI.find('input[type=checkbox]').prop('checked',true).prop('disabled',true);
                }
              });
            });

            if(window.self !== window.top){
															window.parent.$('iframe.stepsFrame').height((this['scrollingElement']['scrollHeight']+20) +'px');
							            }
          });
        </script>
        <link href="css/steps.css" rel="stylesheet" type="text/css" />
      </head>
      <body>
        <div id="gridContainer">
          <div class="topMargin"></div>
          <div id="listName" class="topMargin">
            <h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
          </div>
          <div></div>
          <div id="content">
          <p>In this quick video learn how to setup LDAP/Active Directory authentication on an Apache webserver to secure web based applications.</p>

<h2>Active Directory Setup</h2>

<ol>
	<li>Open Active Directory Users and Computers</li>
	<li>Expand the domain &gt; Users</li>
	<li>Right Click Users &gt; New &gt; User</li>
	<li>Create a read only account to use for LDAP binding<br />
	First Name: Read<br />
	Last Name: Only<br />
	User logon name: readonly_svc</li>
	<li>Click Next</li>
	<li>Set the user&#39;s password and confirm it</li>
	<li>Uncheck User must change password on next logon</li>
	<li>Check User cannot change password</li>
	<li>Check Password never expires</li>
	<li>Click Next</li>
	<li>Click Finish</li>
	<li>Right Click Users &gt; New &gt; Group</li>
	<li>Give the group a name and click OK</li>
	<li>Right Click the newly created group &gt; Properties</li>
	<li>Select the Members tab &gt; Click Add...</li>
	<li>Add users that will be allowed access to the web application</li>
	<li>Click OK</li>
</ol>

<h2>Configuring Apache HTTPD for LDAP</h2>

<ol>
	<li>Navigate to the Apache install directory/conf in Explorer</li>
	<li>Edit httpd.conf in a text editor</li>
	<li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
	<p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
	</li>
	<li>Find the ldap_module and make sure it is enabled by removing the # at the start of the line
	<p>LoadModule ldap_module modules/mod_ldap.so</p>
	</li>
	<li>Create a Location block to enable LDAP authentication for the specified directory
	<p>&lt;location /ldaptest&gt;<br />
	# Basic authentication with LDAP against MS AD<br />
	AuthType Basic<br />
	AuthBasicProvider ldap<br />
	<br />
	# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
	# using this format: ldap://host:port/basedn?attribute?scope?filter<br />
	AuthLDAPURL &quot;ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)&quot; NONE<br />
	<br />
	# The LDAP bind username and password<br />
	AuthLDAPBindDN &quot;readonly_svc@i12bretro.local&quot;<br />
	AuthLDAPBindPassword &quot;Read0nly!!&quot;<br />
	LDAPReferrals Off<br />
	AuthUserFile /dev/null<br />
	<br />
	AuthName &quot;Restricted Area [i12bretro.local]&quot;<br />
	# to authenticate a domain group, specify the full DN<br />
	AuthLDAPGroupAttributeIsDN on<br />
	require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local<br />
	&lt;/location&gt;</p>
	</li>
	<li>Save httpd.conf</li>
	<li>Restart the Apache service</li>
	<li>Open a browser and navigate to the LDAP authenticated URL</li>
	<li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
</ol>
          </div>
        </div>
      </body>
    </html>