apache/auth_ldap authentication to win2k active directory

Redmond Militante r-militante at northwestern.edu
Tue Oct 14 08:01:11 PDT 2003


hi all

i've been given the task of setting up ldap authentication against a windows 2000 active directory from a webpage served up by our apache box.

the documentation that exists for this is sparse.  so far, i've: 
installed auth_ldap as an apache module
recompiled php4 for openldap support
recompiled apache for modssl support

i've been going through the examples listed on http://www.rudedog.org/auth_ldap/ (auth_ldap homepage) - but the examples listed on this page are mainly for iPlanet, no examples are given for windows active directory authentication, just some notes on the subject...

ideally, i'd like to have a webpage/pages protected by .htaccess that authenticates against my win2k pdc.  i've tried the following in my httpd.conf file

#<Directory "/usr/local/www/data-dist/ldap">
#Options Indexes FollowSymLinks
#AllowOverride None
#Order allow,deny
#Allow from all
#AuthLDAPEnabled on
#AuthLDAPAuthoritative on
#AuthName "Secure Access"
#AuthType Basic
#AuthLDAPBindDN CN=users,DC=my.domaincontroller.edu,DC=edu
#AuthLDAPBindPassword MyP4sswurd 
#AuthLDAPUrl ldap://my.domaincontroller.edu:389/DC=my.domaincontroller.edu,DC=edu?sAMAccountName?sub?(objectClass*)
#require valid-user
#</Directory>

(these have been commented out, but it wasn't working when i tried it, i didn't even get a login prompt)

i'm kind of unsure if my syntax above is ok, whether or not i've compiled in the right modules/options, whether i should be putting the above directives directly into my httpd.conf file, or whether i should put these into an .htaccess file, etc.

anyone have any experience with auth_ldap/apache authentication to a win2k active directory? any pointers or recommendations would be welcome.  

thanks
redmond

-- 
FreeBSD 5.1-RELEASE-p10 FreeBSD 5.1-RELEASE-p10 #0: Fri Oct 3 21:30:51 CDT 2003
 9:30AM  up  1:11, 4 users, load averages: 0.03, 0.01, 0.05
 
Death is Nature's way of recycling human beings.
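
An added example, not part of the original post or of the auth_ldap project: a small Python check that splits the AuthLDAPUrl value from the message into its ldap://host:port/basedn?attribute?scope?filter fields and flags three things worth reviewing in it. The finding codes and the REVISED value (its host and domain are placeholders) are assumptions made for illustration.

```python
import re

# Directive value from the post, with the mail line wrap rejoined.
POSTED = ("ldap://my.domaincontroller.edu:389/DC=my.domaincontroller.edu,"
          "DC=edu?sAMAccountName?sub?(objectClass*)")
# Constructed comparison value; host and domain are placeholders.
REVISED = ("ldaps://dc1.example.edu:636/DC=example,DC=edu"
           "?sAMAccountName?sub?(objectClass=*)")

URL_RE = re.compile(r"^(ldaps?)://([^/:?]+)(?::(\d+))?/([^?]*)(?:\?(.*))?$")

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into fields."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, base, rest = m.groups()
    attr, scope, flt = ((rest or "").split("?", 2) + ["", "", ""])[:3]
    return {"scheme": scheme, "host": host, "port": port,
            "base": base, "attr": attr, "scope": scope, "filter": flt}

def lint(url):
    """Return a list of finding codes for one AuthLDAPUrl value."""
    u = parse_ldap_url(url)
    findings = []
    if u["scheme"] == "ldap":
        # ldap:// without TLS sends bind passwords in the clear.
        findings.append("cleartext-bind")
    for rdn in u["base"].split(","):
        name, _, value = rdn.partition("=")
        if name.strip().upper() == "DC" and "." in value:
            # One DNS label per DC component: example.edu -> DC=example,DC=edu
            findings.append("dotted-dc")
            break
    if u["scope"] and u["scope"] not in ("base", "one", "sub"):
        findings.append("bad-scope")
    flt = u["filter"]
    if flt:
        leaves = re.findall(r"\(([^()]*)\)", flt)
        if flt.count("(") != flt.count(")") or not leaves \
                or any("=" not in leaf for leaf in leaves):
            # RFC 2254 items are (attr=value); "(objectClass*)" has no operator.
            findings.append("filter-syntax")
    return findings

if __name__ == "__main__":
    for label, url in (("posted", POSTED), ("revised", REVISED)):
        print(label, lint(url))
```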
 