  1. #1
    Just Joined!
    Join Date
    Jun 2008
    Location
    127.0.0.1
    Posts
    7

    Apache and LDAP authentication


    Hello,

    I've been trying to get Apache and Active Directory authentication working properly. My understanding is that I need to have mod_auth_ldap compiled in Apache. That said, I'm still baffled why I'm unable to get it running.

    That said, I have the following specs:

    RHEL4U4 - 2.6.9-42.ELsmp
    httpd -v 2.0.52
    mod_auth_ldap

    I was following a cook book to see if I can get it working: Security - Active Directory Security Groups for Apache Authorization

    My question to you is:

    Has anyone gotten AD authentication working with Apache?

    I mean really really working I can search for cook books all day long, unfortunately nearly all of them use the same reiterated content.

    If you have anything that might help me out would be appreciated. I can provide more details on the confs, etc. when needed.

    Thanks!

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Quote Originally Posted by willywill View Post
    Has anyone gotten AD authentication working with Apache?
    yes
    I mean really really working I can search for cook books all day long, unfortunately nearly all of them use the same reiterated content.
    really really yes
    If you have anything that might help me out would be appreciated. I can provide more details on the confs, etc. when needed.

    Thanks!
    I use debian and installed apache and apache ldap modules using debian binaries, so I can't really help much with compiling. but if you post your configure script and maybe an apache config file I might be able to get you going.

    I personally dislike breaking the distro package manager unless it's absolutely necessary. that being said I know you can install an apache binary on redhat (yum install apache), and I just found this module RPM resource mod_authz_ldap

    in my setup I have different virtual hosts on the same server, some using different ldap (AD) setups and some not using any authentication at all. give me some more info and let's see if we can get you going.

  3. #3
    Just Joined!
    Join Date
    Jun 2008
    Location
    127.0.0.1
    Posts
    7
    Alright, here is what I have for the repos.conf under conf.d:

    Code:
    <VirtualHost *:80>
        ServerName svn.domain.com
        ServerAlias svn svn.hq subversion
    
        SetOutputFilter DEFLATE
    
        DocumentRoot /var/www/html/
    
        ErrorLog logs/svn.hq.domain.com.error
        CustomLog logs/svn.hq.domain.com common
    
        <Location "/">
            AuthBasicProvider ldap
            AuthType Basic
            AuthzLDAPAuthoritative off
            AuthName "Domain User Required:"
            AuthLDAPURL "ldap://corp.domain.com:389/DC=corp,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
            AuthLDAPBindDN "CN=unixldap,CN=Special Accounts,CN=IK-Accounts,DC=corp,DC=domain,DC=com"
            AuthLDAPBindPassword "blah"
    
            require valid-user
    
            <LimitExcept GET PROPFIND OPTIONS REPORT>
                require ldap-group CN=Special Security Groups,CN=SW SVN,DC=corp,DC=domain,DC=com
            </LimitExcept>
        </Location>
    </VirtualHost>
    Apache server modules:

    Server Settings, mod_cgi.c, mod_mem_cache.c, mod_file_cache.c, mod_disk_cache.c, mod_suexec.c, mod_cache.c, proxy_connect.c, proxy_http.c, proxy_ftp.c, mod_proxy.c, mod_rewrite.c, mod_alias.c, mod_userdir.c, mod_speling.c, mod_actions.c, mod_imap.c, mod_dir.c, mod_negotiation.c, mod_vhost_alias.c, mod_dav_fs.c, mod_info.c, mod_asis.c, mod_autoindex.c, mod_status.c, mod_dav.c, mod_mime.c, mod_setenvif.c, mod_usertrack.c, mod_headers.c, mod_deflate.c, mod_expires.c, mod_cern_meta.c, mod_mime_magic.c, mod_env.c, mod_log_config.c, mod_include.c, mod_auth_ldap.c, util_ldap.c, mod_auth_digest.c, mod_auth_dbm.c, mod_auth_anon.c, mod_auth.c, mod_access.c, mod_so.c, http_core.c, prefork.c, core.c

    I receive an error when I try to start HTTPD:

    Invalid command 'AuthBasicProvider', perhaps mis-spelled or defined by a module not included in the server configuration

    My understanding is that 'AuthBasicProvider' is part of some other module, not sure which.

    I haven't queried ldap just yet. However, I've setup LDAP authentication for users before, and that works, so the likelihood of this being on layer 2 is low.

  5. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    here is one of my virtual hosts
    Code:
    <Location />
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative Off
        AuthName "The Biltmore Company"
        AuthLDAPURL "ldap://myserver.my.domain.com/ou=it,ou=departments,dc=my,dc=domain,dc=com?sAMAccountName"
        AuthLDAPBindDN "myusername@my.domain.com"
        AuthLDAPBindPassword "mypassword"
        require valid-user
    </Location>
    and then here are the modules apache is currently loading
    Code:
    alias.load -> ../mods-available/alias.load
    auth_basic.load -> ../mods-available/auth_basic.load
    authn_file.load -> ../mods-available/authn_file.load
    authnz_ldap.load -> /etc/apache2/mods-available/authnz_ldap.load
    authz_default.load -> ../mods-available/authz_default.load
    authz_groupfile.load -> ../mods-available/authz_groupfile.load
    authz_host.load -> ../mods-available/authz_host.load
    authz_user.load -> ../mods-available/authz_user.load
    autoindex.load -> ../mods-available/autoindex.load
    cgi.load -> ../mods-available/cgi.load
    dir.conf -> ../mods-available/dir.conf
    dir.load -> ../mods-available/dir.load
    env.load -> ../mods-available/env.load
    headers.load -> /etc/apache2/mods-available/headers.load
    ldap.load -> /etc/apache2/mods-available/ldap.load
    mime.load -> ../mods-available/mime.load
    negotiation.load -> ../mods-available/negotiation.load
    php5.conf -> ../mods-available/php5.conf
    php5.load -> ../mods-available/php5.load
    proxy.conf -> /etc/apache2/mods-available/proxy.conf
    proxy_html.load -> ../mods-available/proxy_html.load
    proxy_http.load -> /etc/apache2/mods-available/proxy_http.load
    proxy.load -> /etc/apache2/mods-available/proxy.load
    rewrite.load -> ../mods-available/rewrite.load
    setenvif.load -> ../mods-available/setenvif.load
    ssl.conf -> ../mods-available/ssl.conf
    ssl.load -> ../mods-available/ssl.load
    status.load -> ../mods-available/status.load
    from mine to yours I notice you don't have an auth_basic module, probably why you are getting the error. I have also heard from other sources that something is wrong with my domain causing me to use username@my.domain, so your method using the full dn of the user is probably correct. but if you get the basic provider error worked out and can't authenticate then try username@my.domain.com

    report back with troubles

  6. #5
    Just Joined!
    Join Date
    Jun 2008
    Location
    127.0.0.1
    Posts
    7
    Thanks for replying. I'm curious, what Apache version are you running? 2.2.x? It seems when I lookup information on mod_auth_basic, it refers to Apache versions 2.1 and above.

    Seeing that I'm running 2.0.59, I think I might have stumbled on the issue. Agreed?

  7. #6
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Quote Originally Posted by willywill View Post
    Thanks for replying. I'm curious, what Apache version are you running? 2.2.x? It seems when I lookup information on mod_auth_basic, it refers to Apache versions 2.1 and above.

    Seeing that I'm running 2.0.59, I think I might have stumbled on the issue. Agreed?
    possibly, I am running 2.2.3, there should be a basic auth module for 2.0.59 though, at least I would think there should be.

  8. #7
    Just Joined!
    Join Date
    Jun 2008
    Location
    127.0.0.1
    Posts
    7
    Thanks, for some reason 2.0.59 just doesn't compile with mod_auth_basic. So, I compiled 2.2.9 but now I have problems getting mod_authz_ldap to compile. I'll have to post a new thread for that.

    Thanks for your help though.
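
An added example, not part of the thread: a small Python check that compares the directives in a configuration against the modules compiled into the server, which is the mismatch behind the "Invalid command 'AuthBasicProvider'" error above (mod_auth_ldap.c is the Apache 2.0 module, while AuthBasicProvider and AuthzLDAPAuthoritative belong to mod_auth_basic and mod_authnz_ldap from 2.1/2.2). It also flags the unencrypted ldap:// bind and Basic authentication on a port-80 virtual host; the function name `audit` and the sample data are constructed for illustration.

```python
import shlex

# Directive -> compiled-in modules that provide it. mod_auth_ldap.c is the
# Apache 2.0 module; mod_auth_basic.c and mod_authnz_ldap.c arrive with 2.1/2.2.
LDAP_ANY = {"mod_auth_ldap.c", "mod_authnz_ldap.c"}
PROVIDERS = {
    "authbasicprovider": {"mod_auth_basic.c"},
    "authzldapauthoritative": {"mod_authnz_ldap.c"},
    "authldapauthoritative": {"mod_auth_ldap.c"},
    "authldapurl": LDAP_ANY, "authldapbinddn": LDAP_ANY,
    "authldapbindpassword": LDAP_ANY,
}

def audit(config_text, compiled_modules):
    """Return (line_number, message) findings for a config snippet."""
    modules = {m.strip().lower() for m in compiled_modules}
    findings, port80 = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.lower().startswith("<virtualhost"):
            port80 = line.rstrip(">").endswith(":80")  # plain-HTTP vhost?
        if not line or line[0] in "#<":
            continue
        words = shlex.split(line)
        key, args = words[0].lower(), words[1:]
        needed = PROVIDERS.get(key)
        if needed and not needed & modules:
            findings.append((no, f"{words[0]} needs {' or '.join(sorted(needed))}"))
        if key == "authldapurl" and args and args[0].lower().startswith("ldap://"):
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if mode == "NONE":  # a global LDAPTrustedMode is not considered
                findings.append((no, "AuthLDAPURL binds over unencrypted ldap://"))
        if key == "authtype" and args and args[0].lower() == "basic" and port80:
            findings.append((no, "AuthType Basic on a port-80 vhost sends passwords in clear"))
    return findings

# Constructed sample, condensed from the configuration and module list in the thread.
SAMPLE_CONF = """<VirtualHost *:80>
<Location "/">
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://corp.domain.com:389/DC=corp,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
</Location>
</VirtualHost>"""
SAMPLE_MODULES = ["mod_auth_ldap.c", "util_ldap.c", "mod_auth.c", "mod_access.c"]
if __name__ == "__main__":
    for no, msg in audit(SAMPLE_CONF, SAMPLE_MODULES):
        print(f"line {no}: {msg}")
```

Feed it the module names printed by `httpd -l` for a statically built server; modules loaded through LoadModule would need to be added to the list by hand.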
