Guest
We'd like to use the fact that all of our users have an AD account to
simplify authentication and authorization for our users of Windows, Mac and
Linux. More specifically, for example, we have an intranet and we'd like to
use mod_authz_ldap with Apache to check Active Directory for a valid user
name and pw. We have that part working now but it uses first and last name
as the base DN and we'd rather use the user name. Then, we'd like to set an
Apache directive to check for group membership to manage rights on the
intranet. I realize I am fairly new to this and could be missing something
major but any ideas would be appreciated. Below is some detail. We have
tried to sniff the traffic and we see the query but can't read any output
from the DC and seem to have either a permissions prob or an improper query.
#
# mod_authz_ldap can be used to implement access control and
# authenticate users against an LDAP database.
#
LoadModule authz_ldap_module modules/mod_authz_ldap.so
<IfModule mod_authz_ldap.c>
<Directory /var/www/html/martin>
AuthzLDAPMethod ldapmapped
AuthzLDAPServer swansboro.lib.unc.edu
AuthzLDAPUserBase cn=users,dc=lib,dc=unc,dc=edu
AuthzLDAPUserKey cn
AuthzLDAPUserScope base
AuthzLDAPGroupBase cn=users,dc=lib,dc=unc,dc=edu
AuthzLDAPGroupKey cn
AuthzLDAPSetGroupAuth ldapdn
AuthzLDAPGroupScope base
#
AuthType basic
AuthName "(e-mail address removed)"
require group Systems
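
Added example, not part of the original post and not code from mod_authz_ldap: a Python model of the lookup the post asks for, which finds the user by AD logon name (sAMAccountName) instead of cn and then checks the group's member list. It also shows that a base-scope search at the container matches only the container entry itself. The directory entries, the Jane Doe / jdoe account and all function names are constructed for illustration.

```python
# Constructed sample entries (not real directory data): DN -> attributes.
BASE = "cn=users,dc=lib,dc=unc,dc=edu"
DIRECTORY = {
    BASE: {"objectClass": ["container"], "cn": ["users"]},
    "cn=Jane Doe," + BASE: {"objectClass": ["user"], "cn": ["Jane Doe"],
                            "sAMAccountName": ["jdoe"]},
    "cn=Systems," + BASE: {"objectClass": ["group"], "cn": ["Systems"],
                           "member": ["CN=Jane Doe,CN=Users,DC=lib,DC=unc,DC=edu"]},
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a typed login name cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(login):
    """Filter string a client would send to find a user by AD logon name."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(login)

def in_scope(dn, base, scope):
    """LDAP scope rules; naive DN handling (assumes no escaped commas)."""
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return scope in ("base", "subtree")
    if scope == "base" or not dn.endswith("," + base):
        return False
    rdns_below = dn[: -len(base) - 1]
    return scope == "subtree" or "," not in rdns_below

def search(base, scope, attr, value):
    """Equality match on one attribute, compared case-insensitively."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base, scope)
            and value.lower() in (v.lower() for v in attrs.get(attr, []))]

def authorize(login, group_cn, scope="subtree"):
    """Map login -> user DN, then require that DN in the group's member list."""
    users = search(BASE, scope, "sAMAccountName", login)
    groups = search(BASE, scope, "cn", group_cn)
    if len(users) != 1 or len(groups) != 1:
        return False  # fail closed on no match or an ambiguous match
    members = (m.lower() for m in DIRECTORY[groups[0]].get("member", []))
    return users[0].lower() in members

if __name__ == "__main__":
    print(user_filter("jdoe"))
    print(search(BASE, "base", "sAMAccountName", "jdoe"))
    print(search(BASE, "onelevel", "sAMAccountName", "jdoe"))
    print(authorize("jdoe", "Systems"))
```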