Librarium
Settings

Setting Up LDAP Authenticated Directory in Apache HTTPD

i12bretro
active directoryapacheapache httpdldapphpsystem administratorweb developerweb server

#PHP #ApacheHTTPD #ActiveDirectory

Full steps can be found at https://i12bretro.github.io/tutorials/0037.html

In this quick video learn how to setup LDAP Active Directory authentication on an Apache webserver to secure web based applications.

Active Directory Setup

  1. Open Active Directory Users and Computers
  2. Expand the domain - Users
  3. Right Click Users - New - User
  4. Create a read only account to use for LDAP binding First Name: Read Last Name: Only User logon name: readonly_svc
  5. Click Next
  6. Set the user's password and confirm it
  7. Uncheck User must change password on next logon
  8. Check User cannot change password
  9. Check Password never expires
  10. Click Next
  11. Click Finish
  12. Right Click Users - New - Group
  13. Give the group a name and click OK
  14. Right Click the newly created group - Properties
  15. Select the Members tab - Click Add...
  16. Add users that will be allowed access to the web application
  17. Click OK

Configuring Apache HTTPD for LDAP

  1. Navigate to the Apache install directory/conf in Explorer

  2. Edit httpd.conf in a text editor

  3. Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line LoadModuleauthnz_ldap_modulemodules/mod_authnz_ldap.so

  4. Find the ldap_module and make sure it is enabled by removing the # at the start of the line LoadModuleldap_modulemodules/mod_ldap.so

  5. Create a Location block to enable LDAP authentication for the specified directory

    #BasicauthenticationwithLDAPagainstMSAD AuthTypeBasic AuthBasicProviderldap

    #AuthLDAPURLspecifiestheLDAPserverIP,port,baseDN,scopeandfilter #usingthisformat:ldap://host:port/basedn?attribute?scope?filter AuthLDAPURL"ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)"NONE

    #TheLDAPbindusernameandpassword AuthLDAPBindDN"readonly_svc@i12bretro.local" AuthLDAPBindPassword"Read0nly!!" LDAPReferralsOff AuthUserFile/dev/null

    AuthName"RestrictedArea[i12bretro.local]" #toauthenticateadomaingroup,specifythefullDN AuthLDAPGroupAttributeIsDNon requireldap-groupCN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local

  6. Save httpd.conf

  7. Restart the Apache service

  8. Open a browser and navigate to the LDAP authenticated URL

  9. An authentication prompt should appear, allowing only users in the A ... https://www.youtube.com/watch?v=ysqKUzgCCi4

2021-08-15
3.39132773 LBC
Copyrighted (contact publisher)

19527172 Bytes