-
Notifications
You must be signed in to change notification settings - Fork 58
/
0037.html
94 lines (89 loc) · 4.45 KB
/
0037.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Setting Up LDAP Authenticated Directory in Apache HTTPD</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta charset="UTF-8">
<meta name="keywords" content="Web Server,Apache Httpd,Apache,Web Developer,System Administrator,PHP,Active Directory,LDAP,Home Lab,Lightweight Directory Access Protocol,Browser Based,Install Guide,Self-Hosted,Web Based,Administration,Apache HTTPD,Apache HTTPD Administration,Windows,Web Server Administration,Web Server Customization,PHP LDAP Authentication,PHP LDAP,PHP Active Directory Authentication,PHP Active Directory Access,Microsoft Windows">
<meta name="author" content="i12bretro">
<meta name="description" content="Setting Up LDAP Authenticated Directory in Apache HTTPD">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="revised" content="03/26/2022 09:37:12 AM" />
<link rel="icon" type="image/x-icon" href="includes/favicon.ico">
<script type="text/javascript" src="https://code.jquery.com/jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="includes/js/steps.js"></script>
<link href="css/steps.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="gridContainer">
<div class="topMargin"></div>
<div id="listName" class="topMargin">
<h1>Setting Up LDAP Authenticated Directory in Apache HTTPD</h1>
</div>
<div></div>
<div id="content">
<p>In this quick video learn how to setup LDAP/Active Directory authentication on an Apache webserver to secure web based applications.</p>
<h2>Active Directory Setup</h2>
<ol>
<li>Open Active Directory Users and Computers</li>
<li>Expand the domain > Users</li>
<li>Right Click Users > New > User</li>
<li>Create a read only account to use for LDAP binding<br />
First Name: Read<br />
Last Name: Only<br />
User logon name: readonly_svc</li>
<li>Click Next</li>
<li>Set the user's password and confirm it</li>
<li>Uncheck User must change password on next logon</li>
<li>Check User cannot change password</li>
<li>Check Password never expires</li>
<li>Click Next</li>
<li>Click Finish</li>
<li>Right Click Users > New > Group</li>
<li>Give the group a name and click OK</li>
<li>Right Click the newly created group > Properties</li>
<li>Select the Members tab > Click Add...</li>
<li>Add users that will be allowed access to the web application</li>
<li>Click OK</li>
</ol>
<h2>Configuring Apache HTTPD for LDAP</h2>
<ol>
<li>Navigate to the Apache install directory/conf in Explorer</li>
<li>Edit httpd.conf in a text editor</li>
<li>Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
<p>LoadModule authnz_ldap_module modules/mod_authnz_ldap.so</p>
</li>
<li>Find the ldap_module and make sure it is enabled by removing the # at the start of the line
<p>LoadModule ldap_module modules/mod_ldap.so</p>
</li>
<li>Create a Location block to enable LDAP authentication for the specified directory
<p><location /ldaptest><br />
# Basic authentication with LDAP against MS AD<br />
AuthType Basic<br />
AuthBasicProvider ldap<br />
<br />
# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter<br />
# using this format: ldap://host:port/basedn?attribute?scope?filter<br />
AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE<br />
<br />
# The LDAP bind username and password<br />
AuthLDAPBindDN "readonly_svc@i12bretro.local"<br />
AuthLDAPBindPassword "Read0nly!!"<br />
LDAPReferrals Off<br />
AuthUserFile /dev/null<br />
<br />
AuthName "Restricted Area [i12bretro.local]"<br />
# to authenticate a domain group, specify the full DN<br />
AuthLDAPGroupAttributeIsDN on<br />
require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local<br />
</location></p>
</li>
<li>Save httpd.conf</li>
<li>Restart the Apache service</li>
<li>Open a browser and navigate to the LDAP authenticated URL</li>
<li>An authentication prompt should appear, allowing only users in the AD group specified access</li>
</ol>
</div>
</div>
</body>
</html>