This looks like the way to go, I don&#39;t like the username /pass stored in plain text but maybe if I create a special group that doesn&#39;t really have any privileges this would work, geez AD is just plain bad...lol, Thanks.<br>
<br><div class="gmail_quote">On Tue, Feb 9, 2010 at 10:57 AM, Pat and Lori Boyer <span dir="ltr">&lt;<a href="mailto:pboyer@gmail.com">pboyer@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I&#39;ve had decent luck with LDAP authentication for Apache. AD does not support anonymous LDAP searches so you have to have a user account that has the ability to search AD. Here&#39;s a modified sample config (.htaccess or httpd.conf) that includes security group membership checks. This would require that a user login with their Windows domain username and password and that the user be a member of the AD security group &#39;managers&#39;:<br>

<br>AuthType              basic<br>AuthName              &quot;Windows Domain Credentials - Managers Only&quot;<br>AuthzLDAPMethod       ldap<br>AuthzLDAPServer       &quot;<a href="http://dc1.example.com" target="_blank">dc1.example.com</a>&quot;<br>

AuthzLDAPBindDN       &quot;CN=username,CN=Users,DC=example,DC=com&quot;<br>AuthzLDAPBindPassword &quot;superSecretPassword&quot;<br>AuthzLDAPUserBase     &quot;CN=Users,DC=example,DC=com&quot;<br>AuthzLDAPUserKey      sAMAccountName<br>

AuthzLDAPUserScope    subtree<br>AuthzLDAPGroupBase    &quot;CN=Users,DC=example,DC=com&quot;<br>AuthzLDAPGroupKey     cn<br>AuthzLDAPGroupScope   subtree<br>AuthzLDAPMemberKey    member<br>AuthzLDAPSetGroupAuth ldapdn<br>

require group         managers<div><div></div><div class="h5"><br><br><br><br><div class="gmail_quote">On Tue, Feb 9, 2010 at 11:35 AM, Tom Bishop <span dir="ltr">&lt;<a href="mailto:bishoptf@gmail.com" target="_blank">bishoptf@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I looked over an most of which I have already done, the last piece that I am trying to address is how to do authentication with Apache against active directory, mod_auth_pam is one way but I have not had any luck getting it to compile with the latest Apache....Thanks<div>

<div></div><div><br>
<br><div class="gmail_quote">On Mon, Feb 8, 2010 at 6:49 PM, Arvind P R <span dir="ltr">&lt;<a href="mailto:iinfi1@gmail.com" target="_blank">iinfi1@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">


I had written a blog quite some time back on this. There might be some<br>
glitches in it, but will give you some clue. The blog is<br>
<a href="http://blog.Palalinha.Com" target="_blank">blog.Palalinha.Com</a><br>
i am sitting at the airport with my mobile so cant find you the<br>
correct thread in the blog. Let me know if it helps.<br>
<div><div></div><div><br>
On 2/8/10, Tom Bishop &lt;<a href="mailto:bishoptf@gmail.com" target="_blank">bishoptf@gmail.com</a>&gt; wrote:<br>
&gt; Setting up a new backuppc for a small group of device and I am running<br>
&gt; centos 5.4 with winbind setup and working.  Everything is working and I<br>
&gt; would like the users to authenicate using their AD creds and was wondering<br>
&gt; what folks are using to do that with apache 2.2 and centos 5.4.  I know<br>
&gt; about mod_auth_pam but that seems pretty dead so I was just wondering what<br>
&gt; folks were using and whats the easiest to setup.  Any pointers to any how<br>
&gt; to&#39;s would be appreciated...Thanks.<br>
&gt;<br>
</div></div>_______________________________________________<br>
CentOS mailing list<br>
<a href="mailto:CentOS@centos.org" target="_blank">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
</blockquote></div><br>
</div></div><br>_______________________________________________<br>
CentOS mailing list<br>
<a href="mailto:CentOS@centos.org" target="_blank">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
<br></blockquote></div><br>
</div></div><br>_______________________________________________<br>
CentOS mailing list<br>
<a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
<br></blockquote></div><br>