Howto Ldap Auth: Difference between revisions
From Pumping Station One
Comparing the older revision (minor edit, summary: "Bot: Cosmetic changes") with the newer revision (no edit summary). Both revisions share the following context at line 79:

 #list domain Admins
 ldapsearch -ZZ -v -x -H ldap://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins"
The section that differs between the two revisions:

== Apache mod_auth_ldap ==
The following example is useful for making members-only sites and web apps.

 #Very important: don't bind in cleartext. LDAPTrustedMode can't be defined inside your Location or Directory block (it is server-wide), so make sure you don't skip it.
 LDAPTrustedMode TLS
 <Location /protected>
   AuthName "AD Authentication"
   AuthType Basic
   AuthUserFile /dev/null
   AuthBasicProvider ldap
   #LDAP-URI will be bob.ad.pumpingstationone.org for internal apps, space.pumpingstationone.org for external apps.
   AuthLDAPURL "ldap://[LDAP-URI]/cn=Users,dc=ad,dc=pumpingstationone,dc=org?sAMAccountName?sub?(objectClass=*)"
   #You should generate a new account per authenticated service. Just create a new user on the DC.
   AuthLDAPBindDN cn=[SERVICE-ACCOUNT],cn=Users,dc=ad,dc=pumpingstationone,dc=org
   AuthLDAPBindPassword [SERVICE-ACCOUNT-PASSWORD]
   #Set Require where appropriate; the example shows "all valid users" (active) and "Domain Admins only" (commented out).
   #Require ldap-group cn=Domain Admins,cn=users,dc=ad,dc=pumpingstationone,dc=org
   Require valid-user
 </Location>
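The two mistakes the comments above warn about (binding in cleartext because LDAPTrustedMode was left out, and deploying the fragment with the bracketed placeholders still in place) are easy to catch before a config reaches production. The following checker is an added example, not part of the wiki page or of Apache; it parses a mod_authnz_ldap fragment and reports those pitfalls, plus a missing bind DN or Require line. The two sample configs, the host ldap.example.test, the service account svc-web and the password value are all constructed for the example.

```python
"""Audit an Apache mod_authnz_ldap fragment for the pitfalls the wiki page names.

Added example (not the wiki page's or Apache's own code). The sample configs
below are constructed; hostnames and credentials in them are placeholders.
"""
import re

_DIRECTIVE_RE = re.compile(r'^([A-Za-z]+)\s+(.*)$')


def parse_directives(config_text):
    """Return (name, value) pairs in file order.

    Comments, blank lines and container tags such as <Location ...> are
    skipped; names are lower-cased because Apache matches them case-insensitively.
    """
    directives = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#') or line.startswith('<'):
            continue
        match = _DIRECTIVE_RE.match(line)
        if match:
            name = match.group(1).lower()
            value = match.group(2).strip().strip('"')
            directives.append((name, value))
    return directives


def audit_ldap_auth(config_text):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    values = {}
    for name, value in parse_directives(config_text):
        values.setdefault(name, []).append(value)

    findings = []
    urls = values.get('authldapurl', [])
    modes = {v.upper() for v in values.get('ldaptrustedmode', [])}
    # The bind is protected either by an ldaps:// URL or by LDAPTrustedMode
    # TLS (STARTTLS) / SSL; with neither, the service-account password goes
    # over the wire in the clear on every request.
    all_ldaps = bool(urls) and all(u.lower().startswith('ldaps://') for u in urls)
    if not urls:
        findings.append('missing AuthLDAPURL: no directory is consulted')
    elif not all_ldaps and not (modes & {'TLS', 'SSL'}):
        findings.append('cleartext bind: set LDAPTrustedMode TLS at server scope '
                        'or use an ldaps:// URL')

    # Without a bind DN the user search is an anonymous bind.
    if 'authldapbinddn' not in values:
        findings.append('missing AuthLDAPBindDN: user search runs as an anonymous bind')

    # Bracketed or angle-bracketed tokens are the page's placeholder style;
    # a couple of well-known dummy values are flagged as well.
    for password in values.get('authldapbindpassword', []):
        if re.fullmatch(r'\[.*\]|<.*>|changeme|password', password, re.IGNORECASE):
            findings.append('AuthLDAPBindPassword is still a placeholder')

    if 'require' not in values:
        findings.append('missing Require: no authorization rule applies')
    return findings


# Constructed "before": same shape as the page's block, but LDAPTrustedMode was
# skipped and the password placeholder was never replaced.
WEAK_CONFIG = """
<Location /protected>
  AuthName "AD Authentication"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ldap.example.test/cn=Users,dc=example,dc=test?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN cn=svc-web,cn=Users,dc=example,dc=test
  AuthLDAPBindPassword [SERVICE-ACCOUNT-PASSWORD]
  Require valid-user
</Location>
"""

# Constructed "after": STARTTLS enforced server-wide, a real (placeholder-shaped
# but non-bracketed) secret, and access limited to one group.
HARDENED_CONFIG = """
LDAPTrustedMode TLS
<Location /protected>
  AuthName "AD Authentication"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ldap.example.test/cn=Users,dc=example,dc=test?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN cn=svc-web,cn=Users,dc=example,dc=test
  AuthLDAPBindPassword example-secret-from-vault
  Require ldap-group cn=Domain Admins,cn=Users,dc=example,dc=test
</Location>
"""

if __name__ == '__main__':
    for label, cfg in (('weak', WEAK_CONFIG), ('hardened', HARDENED_CONFIG)):
        print(label, audit_ldap_auth(cfg) or 'OK')
```

The checker only sees the fragment it is given, so it cannot tell whether LDAPTrustedMode actually sits at server scope in the live httpd.conf; run it over the assembled configuration (for example the output of `apachectl -t -D DUMP_CONFIG` where that is available) rather than over a single include file if you want that guarantee.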