We use cookies to ensure you get the best experience on our website
Startseite Erkunden Hilfe
Registrieren Anmelden
0ct0pu5
/
tutorials
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Branch: main
Branches Tags
tutorials
/
0037.html

0037.html 4.4 KB
Permalink Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1.     <!DOCTYPE html>
    2. 

  2.     <html lang="en" xmlns="http://www.w3.org/1999/xhtml">
    3. 

  3.       <head>
    4. 

  4.         <title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
    5. 

  5.         <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    6. 

  6.         <meta charset="UTF-8">
    7. 

  7.         <meta name="keywords" content="Web Server,Apache Httpd,Apache,Web Developer,System Administrator,PHP,Active Directory,LDAP,Home Lab,Lightweight Directory Access Protocol,Browser Based,Install Guide,Self-Hosted,Web Based,Administration,Apache HTTPD,Apache HTTPD Administration,Windows,Web Server Administration,Web Server Customization,PHP LDAP Authentication,PHP LDAP,PHP Active Directory Authentication,PHP Active Directory Access,Microsoft Windows">
    8. 

  8.         <meta name="author" content="i12bretro">
    9. 

  9.         <meta name="description" content="Setting Up LDAP Authenticated Directory in Apache HTTPD">
    10. 

  10.         <meta name="viewport" content="width=device-width, initial-scale=1.0">
    11. 

  11.         <meta name="revised" content="03/26/2022 09:37:12 AM" />
    12. 

  12. 				          <link rel="icon" type="image/x-icon" href="includes/favicon.ico">
    13. 

  13. 				  <script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
    14. 

  14. 				        <script type="text/javascript" src="includes/js/steps.js"></script>
    15. 

  15.         <link href="css/steps.css" rel="stylesheet" type="text/css" />
    16. 

  16.       </head>
    17. 

  17.       <body>
    18. 

  18.         <div id="gridContainer">
    19. 

  19.           <div class="topMargin"></div>
    20. 

  20.           <div id="listName" class="topMargin">
    21. 

  21.             <h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
    22. 

  22.           </div>
    23. 

  23.           <div></div>
    24. 

  24.           <div id="content">
    25. 

  25.           <p>In this quick video learn how to setup LDAP/Active Directory authentication on an Apache webserver to secure web based applications.</p>
    26. 

  26. 

  27. <h2>Active Directory Setup</h2>
    28. 

  28. 

  29. <ol>
    30. 

  30. 	<li>Open Active Directory Users and Computers</li>
    31. 

  31. 	<li>Expand the domain &gt; Users</li>
    32. 

  32. 	<li>Right Click Users &gt; New &gt; User</li>
    33. 

  33. 	<li>Create a read only account to use for LDAP binding<br />
    34. 

  34. 	First Name: Read<br />
    35. 

  35. 	Last Name: Only<br />
    36. 

  36. 	User logon name: readonly_svc</li>
    37. 

  37. 	<li>Click Next</li>
    38. 

  38. 	<li>Set the user&#39;s password and confirm it</li>
    39. 

  39. 	<li>Uncheck User must change password on next logon</li>
    40. 

  40. 	<li>Check User cannot change password</li>
    41. 

  41. 	<li>Check Password never expires</li>
    42. 

  42. 	<li>Click Next</li>
    43. 

  43. 	<li>Click Finish</li>
    44. 

  44. 	<li>Right Click Users &gt; New &gt; Group</li>
    45. 

  45. 	<li>Give the group a name and click OK</li>
    46. 

  46. 	<li>Right Click the newly created group &gt; Properties</li>
    47. 

  47. 	<li>Select the Members tab &gt; Click Add...</li>
    48. 

  48. 	<li>Add users that will be allowed access to the web application</li>
    49. 

  49. 	<li>Click OK</li>
    50. 

  50. </ol>
    51. 

  51. 

  52. <h2>Configuring Apache HTTPD for LDAP</h2>
    53. 

  53. 

  54. <ol>
    55. 

  55. 	<li>Navigate to the Apache install directory/conf in Explorer</li>
    56. 

  56. 	<li>Edit httpd.conf in a text editor</li>
    57. 

  57. 	<li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
    58. 

  58. 	<p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
    59. 

  59. 	</li>
    60. 

  60. 	<li>Find the ldap_module and make sure it is enabled by removing the # at the start of the line
    61. 

  61. 	<p>LoadModule ldap_module modules/mod_ldap.so</p>
    62. 

  62. 	</li>
    63. 

  63. 	<li>Create a Location block to enable LDAP authentication for the specified directory
    64. 

  64. 	<p>&lt;location /ldaptest&gt;<br />
    65. 

  65. 	# Basic authentication with LDAP against MS AD<br />
    66. 

  66. 	AuthType Basic<br />
    67. 

  67. 	AuthBasicProvider ldap<br />
    68. 

  68. 	<br />
    69. 

  69. 	# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
    70. 

  70. 	# using this format: ldap://host:port/basedn?attribute?scope?filter<br />
    71. 

  71. 	AuthLDAPURL &quot;ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)&quot; NONE<br />
    72. 

  72. 	<br />
    73. 

  73. 	# The LDAP bind username and password<br />
    74. 

  74. 	AuthLDAPBindDN &quot;readonly_svc@i12bretro.local&quot;<br />
    75. 

  75. 	AuthLDAPBindPassword &quot;Read0nly!!&quot;<br />
    76. 

  76. 	LDAPReferrals Off<br />
    77. 

  77. 	AuthUserFile /dev/null<br />
    78. 

  78. 	<br />
    79. 

  79. 	AuthName &quot;Restricted Area [i12bretro.local]&quot;<br />
    80. 

  80. 	# to authenticate a domain group, specify the full DN<br />
    81. 

  81. 	AuthLDAPGroupAttributeIsDN on<br />
    82. 

  82. 	require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local<br />
    83. 

  83. 	&lt;/location&gt;</p>
    84. 

  84. 	</li>
    85. 

  85. 	<li>Save httpd.conf</li>
    86. 

  86. 	<li>Restart the Apache service</li>
    87. 

  87. 	<li>Open a browser and navigate to the LDAP authenticated URL</li>
    88. 

  88. 	<li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
    89. 

  89. </ol>
    90. 

  90.           </div>
    91. 

  91.         </div>
    92. 

  92.       </body>
    93. 

  93.     </html>
    94. 

  94.   
    95.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5