• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 454
  • Last Modified:

Using LDAP to update .htpasswd

I run a Windows Server 2003 box locally and want to be able to update the .htpasswd files on a remotely hosted apache server running on a linux box.  I have no access to the linux box, but can usually get the company to do pretty much anything I need as long as it only effects me.

Any ideas on how to either use my Active Directory for the remote authentication or to update .htpasswd from my Active Directory?  Perhaps using php and LDAP??

Thanks in advance.
0
Eriador
Asked:
Eriador
  • 2
  • 2
1 Solution
 
ahoffmannCommented:
something like following in your .htaccess:

   AuthName "confidential data"
   AuthType Basic
   #
   # following most likely not working
   #AuthLDAPUrl ldap://ldap.xxx.xxxxx.xxx/OU=Departments,OU=xxxxxxxx,DC=ad,DC=xxx,DC=xxxxx,DC=xxx?sAMAccountName?sub?(objectclass=person)
   # --- openldap
   AuthLDAPHosts "FQDN"
   AuthLDAPBindDN "cn=Manager,...,dc=xxx-xxx,dc=de"
   AuthLDAPBindPassword password
   AuthLDAPBaseDN "..,dc=xxx,dc=xxx-xxx,dc=de"
   #
   AuthLDAPSearchScope subtree
   AuthLDAPUserKey uid
   AuthLDAPPassKey userPassword
   #
   # --- Base64 encodced
   AuthLDAPSchemePrefix off
   #
   <Limit GET POST>
        require valid-user
   </Limit>

you have to decide yourself if you can use LDAPUrl or need to use the parts of it with LDAPHost, LDAPBindDN, etc.
0
 
EriadorAuthor Commented:
It would appear that my host does not have PerLDAP installed and does not intend to install it.  Any other ideas?
0
 
ahoffmannCommented:
> PerLDAP
is this a typo?

If you apache does not support LDAP, then you need to update your .htpasswd with the proper passwords which is not simple (except they are  stored plain text in AD, hopefully not).
You cannot decrypt the password, hence you need to know the plain text of it, otherwise there is no way.
IIRC .htaccess can be tweaked to use external programs for authentication, but never have done it myself, so can't help there.
0
 
EriadorAuthor Commented:
Sorry.  Was out of pocket for a little while.

PerLDAP was not a typo, it is the perl LDAP module for Apache (the one I found anyway).  I have since found a module that I was able to install though SSH, but only on my account (I'm on a shared server).  This would work just fine in any other instance, but it will not update htpasswd.  I guess the only option here is to come up with a script that will retreive the passwords via LDAP (I am storing them in a reversable encryption), then write them to .htpasswd with server-side scripting (eg. PHP).  Any thoughts on this?

Thanks.
0
 
moduloCommented:
PAQed with points refunded (250)

modulo
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now