#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2003
    Posts
    69
    Rep Power
    12

    Apache Module mod_ldap?


    I made an Intranet for a client, got them a content management system which uses htaccess, but now I'd like to skip the htaccess authentication and give someone access based on his Novell/Windows username.

    Is the Apache Module mod_ldap the answer?
    Is there any other way to do this?
    -----------------------------------------------
    Ow, it's an internal project. Well,
    what about we'll finish it next year...
    -----------------------------------------------
  2. #2
  3. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    use auth_ldap_module

    then to authenticate you do something like
    Code:
    	AllowOverride None
    	Order allow,deny
    	Allow from all
    	Require valid-user
    	Authname "My website"
    	Authtype Basic
    	# ssl is optional
    	SSLRequireSSL
    
    	AuthLDAPAuthoritative off
    	AuthLDAPBindDN cn=auth,dc=mydomain.com
    	AuthLDAPBindPassword somepassword
    	AuthLDAPEnabled on
    	AuthLDAPUrl ldap://(ip or domain)/dc=mydomain.com?cn?sub?(ldap filter goes here)
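
The `AuthLDAPUrl` value in the configuration above packs the base DN, search attribute, scope and filter into one URL. As an added example (not code from this thread or from Apache), the following Python script splits such a URL and builds the `(&(filter)(attribute=username))` search filter that Apache's documentation describes for each login. The host, DN and login names are constructed, and the RFC 4515 escaping is this example's choice, not a statement of the module's exact behaviour.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def escape_filter_value(value):
    """Escape a login name so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_auth_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into a dict."""
    parts = urlsplit(url)
    if parts.scheme not in _DEFAULT_PORT or not parts.hostname:
        raise ValueError("expected ldap://host/... or ldaps://host/...")
    # The query holds up to three '?'-separated fields; pad the missing ones.
    fields = [unquote(f) for f in parts.query.split("?")]
    fields += [""] * (3 - len(fields))
    attribute, scope, ldap_filter = fields[:3]
    if scope and scope not in ("one", "sub"):
        raise ValueError("scope must be 'one' or 'sub'")
    return {
        "encrypted": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or _DEFAULT_PORT[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",            # documented default
        "scope": scope or "sub",                    # documented default
        "filter": ldap_filter or "(objectClass=*)",  # documented default
    }

def login_filter(cfg, username):
    """Build (&(filter)(attribute=username)) for one login attempt."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]  # outer parentheses are re-added below
    return "(&(%s)(%s=%s))" % (inner, cfg["attribute"], escape_filter_value(username))

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    cfg = parse_auth_ldap_url(
        "ldap://dc1.example.com/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)")
    print(cfg)
    print(login_filter(cfg, "jsmith"))
    # A login name containing filter metacharacters stays a literal value.
    print(login_filter(cfg, "*)(objectClass=*"))
```

Running the printed filter with an LDAP search tool under the bind account's credentials shows whether the directory returns exactly one entry for a given login name.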
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    6
    Rep Power
    0
    I'm trying to get Apache LDAP authentication working against Active Directory as well. The idea is to use it for authentication for our Subversion system. Here's our setup:

    Windows server
    Apache 2.0.52

    I am following the instructions here - other ways to install mod_auth_ldap (including the way outlined above) seem to result in Apache not starting.

    Anyway, Apache starts OK but doesn't seem to accept my login information even though it's definitely the correct password as in Active Directory. So I'm not sure if it's successfully connecting to AD, or if it's connecting but just looking in the wrong place.

    Here's the relevant bits of httpd.conf:

    Code:
    # crashes Apache startup
    # LoadModule auth_ldap_module modules/mod_auth_ldap.so
    LoadModule auth_ldap_module modules/mod_auth_ldap.dll
    Code:
    <Location /svn>
    
      DAV svn
    
      SVNParentPath "C:/svn"  
      
      # access control policy for repositories
      AuthzSVNAccessFile "C:/Program Files/Apache Group/Apache2/etc/svn-access-file"
      
      # LDAP authentication
      AuthType Basic
      LDAP_Debug On
      LDAP_Protocol_Version 3
      LDAP_Server foo.xpca.nhs.uk
      LDAP_Port 389
      Base_DN "DC=xpca,DC=nhs,DC=uk?sAMAccountName?sub?(objectClass=user)"
      Bind_DN "XPCA\shills"
      Bind_Pass "mypassword"
      UID_Attr uid
      Group_Attr "OU=IM&T"
    
      Require valid-user
      AuthName "Subversion repository"  
    </Location>
    I've also attached a screencap of some of the relevant bits (I think!) of our LDAP directory structure. As you can see, I can actually get into it fine, just not connect to it programmatically.

    Anything obvious I'm doing wrong? This is all pretty new to me...
  6. #4
  7. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    To be honest, I'm not an expert on it, but I'd guess it is because you are using AD.
