Requiring Active Directory Userid/password to access the Apache website on Ubuntu server

1. First, enable the mod_authnz_ldap module by typing:

sudo a2enmod authnz_ldap

Once mod_authnz_ldap is enabled, you should see the file authnz_ldap.load in the /etc/apache2/mods-enabled folder.

2. On the Active Directory server, create a user. It does not need to be an administrator account; an ordinary domain user is enough. In the example below, the user is called AD_VIEWER and its password is password123.

3. Modify the file /etc/apache2/sites-enabled/000-default. I have included the sample file below.

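<Directory "/var/www/secret">
    # Apache 2.2 access control: deny by host, then let authentication grant access
    Order deny,allow
    deny from all
    AuthType Basic
    AuthName "example.com"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    # Format: ldap://host:port/basedn?attribute?scope?filter
    AuthLDAPURL "ldap://server01.yourdomain.com:389/OU=Adminisration,dc=yourdomain,dc=com?sAMAccountName?sub?(objectClass=*)"
    # Account created in step 2, used to search the directory
    AuthLDAPBindDN "AD_VIEWER@yourdomain.com"
    AuthLDAPBindPassword password123
    AuthLDAPGroupAttributeIsDN on
    # Only these users are allowed in
    require ldap-user user1 user2
    satisfy any
</Directory>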

 

AuthLDAPURL may be the hardest part to configure. You need to make sure the users you want to validate are in the OU named in the URL. Otherwise the authentication process won't work. For instance, if the user is located under OU = Sales, which is under OU = Canada, then you need to specify OU=Sales, OU=Canada, dc=yourdomain,dc=com etc.
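To check an AuthLDAPURL before reloading Apache, the following added example (not part of the original post) parses the URL, tests whether a user's DN falls inside the search base and scope, builds the search filter in the shape the mod_authnz_ldap documentation describes, and flags an unencrypted ldap:// transport. The user DN, the second URL and all function names are assumptions made for illustration.

```python
import re

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    scheme, rest = url.split("://", 1)
    hostport, _, tail = rest.partition("/")
    base_dn, attr, scope, flt = (tail.split("?") + [""] * 4)[:4]
    host, _, port = hostport.partition(":")
    scheme = scheme.lower()
    return {
        "scheme": scheme, "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": base_dn,
        "attribute": attr or "uid",          # mod_authnz_ldap default
        "scope": (scope or "sub").lower(),   # mod_authnz_ldap default
        "filter": flt or "(objectClass=*)",  # mod_authnz_ldap default
    }

def rdns(dn):
    """Normalise a DN into lower-cased RDNs, splitting on unescaped commas."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip().lower()) for p in parts if p.strip()]

def in_scope(user_dn, cfg):
    """True if a search from base_dn with the configured scope can reach user_dn."""
    user, base = rdns(user_dn), rdns(cfg["base_dn"])
    depth = len(user) - len(base)
    if depth < 0 or user[depth:] != base:
        return False
    return {"base": depth == 0, "one": depth == 1}.get(cfg["scope"], True)

def search_filter(cfg, username):
    """Filter that locates the login name; the value is escaped per RFC 4515."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in username)
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], esc)

def cleartext_transport(cfg):
    """ldap:// sends binds unencrypted unless STARTTLS is configured separately."""
    return cfg["scheme"] == "ldap"

# AuthLDAPURL from the sample file; the user DN and second URL are constructed.
PAGE_URL = ("ldap://server01.yourdomain.com:389/OU=Adminisration,dc=yourdomain,"
            "dc=com?sAMAccountName?sub?(objectClass=*)")
SALES_URL = PAGE_URL.replace("OU=Adminisration", "OU=Sales,OU=Canada")
SALES_USER = "CN=user1,OU=Sales,OU=Canada,DC=yourdomain,DC=com"
if __name__ == "__main__":
    for url in (PAGE_URL, SALES_URL):
        cfg = parse_auth_ldap_url(url)
        print(cfg["base_dn"], in_scope(SALES_USER, cfg), search_filter(cfg, "user1"))
```

With the sample URL the Sales user is reported out of scope, which is the situation the paragraph above describes; pointing the base DN at OU=Sales,OU=Canada (or at a common parent with scope sub) brings the user back in.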

 
