This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks. On Tue, Feb 9, 2010 at 10:57 AM, Pat and Lori Boyer <pboyer at gmail.com>wrote: > I've had decent luck with LDAP authentication for Apache. AD does not > support anonymous LDAP searches so you have to have a user account that has > the ability to search AD. Here's a modified sample config (.htaccess or > httpd.conf) that includes security group membership checks. This would > require that a user login with their Windows domain username and password > and that the user be a member of the AD security group 'managers': > > AuthType basic > AuthName "Windows Domain Credentials - Managers Only" > AuthzLDAPMethod ldap > AuthzLDAPServer "dc1.example.com" > AuthzLDAPBindDN "CN=username,CN=Users,DC=example,DC=com" > AuthzLDAPBindPassword "superSecretPassword" > AuthzLDAPUserBase "CN=Users,DC=example,DC=com" > AuthzLDAPUserKey sAMAccountName > AuthzLDAPUserScope subtree > AuthzLDAPGroupBase "CN=Users,DC=example,DC=com" > AuthzLDAPGroupKey cn > AuthzLDAPGroupScope subtree > AuthzLDAPMemberKey member > AuthzLDAPSetGroupAuth ldapdn > require group managers > > > > > On Tue, Feb 9, 2010 at 11:35 AM, Tom Bishop <bishoptf at gmail.com> wrote: > >> I looked over an most of which I have already done, the last piece that I >> am trying to address is how to do authentication with Apache against active >> directory, mod_auth_pam is one way but I have not had any luck getting it to >> compile with the latest Apache....Thanks >> >> >> On Mon, Feb 8, 2010 at 6:49 PM, Arvind P R <iinfi1 at gmail.com> wrote: >> >>> I had written a blog quite some time back on this. There might be some >>> glitches in it, but will give you some clue. The blog is >>> blog.Palalinha.Com >>> i am sitting at the airport with my mobile so cant find you the >>> correct thread in the blog. Let me know if it helps. >>> >>> On 2/8/10, Tom Bishop <bishoptf at gmail.com> wrote: >>> > Setting up a new backuppc for a small group of device and I am running >>> > centos 5.4 with winbind setup and working. Everything is working and I >>> > would like the users to authenicate using their AD creds and was >>> wondering >>> > what folks are using to do that with apache 2.2 and centos 5.4. I know >>> > about mod_auth_pam but that seems pretty dead so I was just wondering >>> what >>> > folks were using and whats the easiest to setup. Any pointers to any >>> how >>> > to's would be appreciated...Thanks. >>> > >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20100209/b41353df/attachment-0005.html>