In squeeze, the Apache LDAP module is already installed with the Apache common package. You just need to enable the module and configure it.
1. Enable the LDAP module
a2enmod authnz_ldap
2. Add the Auth config variables to the site or directory that should be password protected (e.g. pico /etc/apache2/sites-enabled/000-default). In this example, the “/protected” relative location will be password protected. You can protect any Location or Directory using the same method.
<Location /protected>
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthName "Password protected. Enter your AD username and password."
    AuthLDAPURL "ldap://{host_or_ip}/CN=Users,DC=example,DC=org?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "{username}@example.org"
    AuthLDAPBindPassword {password}
    Require valid-user
</Location>
Replace {host_or_ip} with the AD/LDAP server hostname or IP address. Change example.org to your domain. Enter the username and password of a user that has access to the domain.
The last line, “Require valid-user”, will allow any user in the directory to log in. To allow only certain users, change that line to:
Require ldap-user user1 user2
To allow only users from a specific group, change “Require valid-user” to:
Require ldap-group CN={group},CN=Users,dc=example,dc=org
Replace {group} with the name of a group and use your own domain name instead of example.org.
3. Restart Apache
/etc/init.d/apache2 restart
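A hardened variant of the step 2 configuration, as an added example that is not from the original post. With plain ldap:// the bind password and every visitor's password travel to the directory server unencrypted, and Basic authentication over plain HTTP exposes them between browser and Apache as well. Assumptions: the domain controller offers LDAPS on port 636, mod_ssl is enabled for the site, and /etc/ssl/certs/ad-ca.pem is a hypothetical path to the exported CA certificate that signed the domain controller's certificate.

```apache
# Added example (not from the original post). Assumptions: the DC serves LDAPS
# on port 636, mod_ssl is enabled, and /etc/ssl/certs/ad-ca.pem is a
# hypothetical path to the exported CA certificate that signed the DC's cert.

# --- Server config scope (outside any <VirtualHost>) ---
# CA used to verify the domain controller's certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-ca.pem
# Reject the connection if the DC's certificate does not verify. This is the
# default; it is stated explicitly so it is not switched off to "make it work".
LDAPVerifyServerCert On

# --- Inside the HTTPS <VirtualHost> of the site ---
<Location /protected>
    # Basic auth sends the password with every request: refuse plain HTTP.
    SSLRequireSSL

    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative on
    AuthName "Password protected. Enter your AD username and password."

    # Before: ldap://{host_or_ip}/...  (bind and user passwords in cleartext)
    # After:  ldaps:// encrypts the connection to the DC. Use the DC's hostname
    # as it appears in its certificate; an IP address usually fails verification.
    AuthLDAPURL "ldaps://{host_or_ip}/CN=Users,DC=example,DC=org?sAMAccountName?sub?(objectClass=*)"

    # Bind with a dedicated account that can only read the directory, so a
    # leaked config file does not expose a real user's or an admin's password.
    AuthLDAPBindDN "{username}@example.org"
    AuthLDAPBindPassword {password}

    Require valid-user
</Location>

# The file now holds a credential: keep it readable by root only, e.g.
#   chown root:root /etc/apache2/sites-enabled/000-default
#   chmod 600 /etc/apache2/sites-enabled/000-default
```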
P.S.: How to find the AD DC server on the local network:
On any computer that has DNS configured to use AD's DNS server, do:
Start -> Run -> nslookup
set type=all
_ldap._tcp.dc._msdcs.DOMAIN_NAME
Replace DOMAIN_NAME with the actual domain name, e.g. contoso.com.