
Apache with LDAP authentication (Active Directory)

Apache can restrict access to websites (and to subdirectories within them) to users that exist in Active Directory. It can also require that those users be members of a specific group. For example, if Sally exists in AD, she can log into the Apache-served website.

<VirtualHost *:80>

 <Location />
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Sample Realm"
  AuthLDAPURL "ldap://ldap.mydomain.local:389/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  # Apache 2.2 only: this directive was removed in 2.4, so delete it there
  AuthzLDAPAuthoritative off
  AuthLDAPBindDN "[email protected]"
  AuthLDAPBindPassword "MyPassword"
  AuthLDAPGroupAttributeIsDN on
  require valid-user
  # Consider restricting to a group
  # require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
 </Location>

 LogLevel debug
 ServerAdmin [email protected]
 DocumentRoot /var/www/html/mywebsite
 ServerName mywebsite.local
 ErrorLog logs/mywebsite.logs
 CustomLog logs/mywebsite.logs common
</VirtualHost>

Make sure the “mod_authnz_ldap” module is enabled; it is enabled by default on a Red Hat Enterprise Linux server.
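
The virtual host above serves Basic authentication on port 80 and binds over ldap://, so both the user's password and the bind password cross the network unencrypted. A TLS-only variant for Apache 2.4 follows as an added example (not the original author's configuration); the certificate paths, the service-account DN and the helper-script path are placeholders.

```apache
# Added example. Assumes Apache 2.4 with mod_ssl, mod_ldap and mod_authnz_ldap
# loaded, and a domain controller that accepts LDAPS on port 636.
# All file paths below are placeholders.

# Server-level (outside any VirtualHost): CA that signed the DC's certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/mydomain-ca.pem
LDAPVerifyServerCert On

# Port 80 only redirects, so Basic credentials are never accepted in cleartext.
<VirtualHost *:80>
 ServerName mywebsite.local
 Redirect permanent / https://mywebsite.local/
</VirtualHost>

<VirtualHost *:443>
 ServerName mywebsite.local
 DocumentRoot /var/www/html/mywebsite

 SSLEngine on
 SSLCertificateFile    /etc/ssl/certs/mywebsite.local.crt
 SSLCertificateKeyFile /etc/ssl/private/mywebsite.local.key

 <Location />
  AuthType Basic
  AuthName "Sample Realm"
  AuthBasicProvider ldap
  # ldaps:// encrypts the service-account bind and the user password check.
  AuthLDAPURL "ldaps://ldap.mydomain.local:636/DC=mydomain,DC=local?sAMAccountName?sub?(objectClass=*)"
  # Placeholder DN for a read-only service account.
  AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=mydomain,DC=local"
  # Password is taken from a helper program's first output line instead of
  # being stored in this file (exec: needs Apache 2.4.5 or later).
  AuthLDAPBindPassword "exec:/usr/local/sbin/apache-ldap-bindpw"
  AuthLDAPGroupAttributeIsDN on
  # Apache 2.4 syntax; group DN as given in the commented-out line above.
  Require ldap-group CN=apache_auth_users,OU=mydomain,DC=local
 </Location>

 # debug is for troubleshooting only; it is very verbose.
 LogLevel warn
 ErrorLog  logs/mywebsite-error.log
 CustomLog logs/mywebsite-access.log common
</VirtualHost>
```

Run `apachectl configtest` after editing, then confirm that a user outside the group receives a 401 and that plain HTTP requests are redirected before any credentials are requested.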
