[CentOS] Anyone using Active Driectory auth with Centos 5.4.....?

Pat and Lori Boyer pboyer at gmail.com
Tue Feb 9 16:57:20 UTC 2010


I've had decent luck with LDAP authentication for Apache. AD does not
support anonymous LDAP searches so you have to have a user account that has
the ability to search AD. Here's a modified sample config (.htaccess or
httpd.conf) that includes security group membership checks. This would
require that a user login with their Windows domain username and password
and that the user be a member of the AD security group 'managers':

AuthType              basic
AuthName              "Windows Domain Credentials - Managers Only"
AuthzLDAPMethod       ldap
AuthzLDAPServer       "dc1.example.com"
AuthzLDAPBindDN       "CN=username,CN=Users,DC=example,DC=com"
AuthzLDAPBindPassword "superSecretPassword"
AuthzLDAPUserBase     "CN=Users,DC=example,DC=com"
AuthzLDAPUserKey      sAMAccountName
AuthzLDAPUserScope    subtree
AuthzLDAPGroupBase    "CN=Users,DC=example,DC=com"
AuthzLDAPGroupKey     cn
AuthzLDAPGroupScope   subtree
AuthzLDAPMemberKey    member
AuthzLDAPSetGroupAuth ldapdn
require group         managers



On Tue, Feb 9, 2010 at 11:35 AM, Tom Bishop <bishoptf at gmail.com> wrote:

> I looked over an most of which I have already done, the last piece that I
> am trying to address is how to do authentication with Apache against active
> directory, mod_auth_pam is one way but I have not had any luck getting it to
> compile with the latest Apache....Thanks
>
>
> On Mon, Feb 8, 2010 at 6:49 PM, Arvind P R <iinfi1 at gmail.com> wrote:
>
>> I had written a blog quite some time back on this. There might be some
>> glitches in it, but will give you some clue. The blog is
>> blog.Palalinha.Com
>> i am sitting at the airport with my mobile so cant find you the
>> correct thread in the blog. Let me know if it helps.
>>
>> On 2/8/10, Tom Bishop <bishoptf at gmail.com> wrote:
>> > Setting up a new backuppc for a small group of device and I am running
>> > centos 5.4 with winbind setup and working.  Everything is working and I
>> > would like the users to authenicate using their AD creds and was
>> wondering
>> > what folks are using to do that with apache 2.2 and centos 5.4.  I know
>> > about mod_auth_pam but that seems pretty dead so I was just wondering
>> what
>> > folks were using and whats the easiest to setup.  Any pointers to any
>> how
>> > to's would be appreciated...Thanks.
>> >
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20100209/005fb11a/attachment.html 


More information about the CentOS mailing list