Using LDAP to update .htpasswd

Posted on 2005-04-12
Last Modified: 2012-05-05
I run a Windows Server 2003 box locally and want to be able to update the .htpasswd files on a remotely hosted Apache server running on a Linux box. I have no access to the Linux box, but can usually get the company to do pretty much anything I need as long as it only affects me.

Any ideas on how to either use my Active Directory for the remote authentication or to update .htpasswd from my Active Directory?  Perhaps using php and LDAP??

Thanks in advance.
Question by: Eriador

    Expert Comment

    Something like the following in your .htaccess:

       AuthName "confidential data"
       AuthType Basic
       # following most likely not working
       #AuthLDAPUrl ldap://,OU=xxxxxxxx,DC=ad,DC=xxx,DC=xxxxx,DC=xxx?sAMAccountName?sub?(objectclass=person)
       # --- openldap
       AuthLDAPHosts "FQDN"
       AuthLDAPBindDN "cn=Manager,...,dc=xxx-xxx,dc=de"
       AuthLDAPBindPassword password
       AuthLDAPBaseDN "..,dc=xxx,dc=xxx-xxx,dc=de"
       AuthLDAPSearchScope subtree
       AuthLDAPUserKey uid
       AuthLDAPPassKey userPassword
       # --- Base64 encoded
       AuthLDAPSchemePrefix off
       <Limit GET POST>
            require valid-user
       </Limit>

    you have to decide yourself if you can use LDAPUrl or need to use the parts of it with LDAPHost, LDAPBindDN, etc.
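
Added example, not part of the thread: a Python sketch that splits an LDAP URL of the form in the commented-out `AuthLDAPUrl` line into the separate directives named in the post, and flags what does not carry over. The sample host and DN are constructed placeholders, and the `sub` to `subtree` mapping is taken from the post; other scopes are rejected rather than guessed.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample; host and DN are placeholders, not values from the thread.
SAMPLE_URL = ("ldap://dc1.example.com/OU=Staff,DC=ad,DC=example,DC=com"
              "?sAMAccountName?sub?(objectclass=person)")

# URL scope token -> split-directive value. Only sub/subtree appears in the
# post, so other scopes are rejected instead of guessed.
SCOPE_MAP = {"sub": "subtree"}


def parse_ldap_url(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into parts."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL")
    base_dn = unquote(parts.path.lstrip("/"))
    if not parts.hostname or not base_dn:
        raise ValueError("host and base DN are both required")
    fields = [unquote(f) for f in parts.query.split("?")] + ["", "", ""]
    attribute, scope, ldap_filter = fields[:3]
    return {"tls": parts.scheme == "ldaps", "host": parts.hostname,
            "port": parts.port, "base_dn": base_dn, "attribute": attribute,
            "scope": scope, "filter": ldap_filter}


def to_split_directives(url):
    """Return (directive lines, review notes) for one LDAP URL."""
    p = parse_ldap_url(url)
    if not p["attribute"]:
        raise ValueError("URL names no login attribute")
    if p["scope"] not in SCOPE_MAP:
        raise ValueError("scope %r has no known split equivalent" % p["scope"])
    lines = ['AuthLDAPHosts "%s"' % p["host"],
             'AuthLDAPBaseDN "%s"' % p["base_dn"],
             "AuthLDAPSearchScope %s" % SCOPE_MAP[p["scope"]],
             "AuthLDAPUserKey %s" % p["attribute"]]
    notes = []
    if p["filter"]:
        notes.append("filter %s has no matching directive in the post"
                     % p["filter"])
    if not p["tls"]:
        notes.append("ldap:// without StartTLS sends bind and user "
                     "passwords in clear text")
    return lines, notes


if __name__ == "__main__":
    directives, review = to_split_directives(SAMPLE_URL)
    print("\n".join(directives + ["# " + n for n in review]))
```

The redacted URL as posted has no host and no `/` before the DN, so `parse_ldap_url` rejects it instead of treating the DN as a hostname.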

    Author Comment

    It would appear that my host does not have PerLDAP installed and does not intend to install it.  Any other ideas?

    Expert Comment

    > PerLDAP
    is this a typo?

    If your Apache does not support LDAP, then you need to update your .htpasswd with the proper passwords, which is not simple (unless they are stored in plain text in AD, hopefully not).
    You cannot decrypt the password, hence you need to know the plain text of it, otherwise there is no way.
    IIRC .htaccess can be tweaked to use external programs for authentication, but never have done it myself, so can't help there.

    Author Comment

    Sorry.  Was out of pocket for a little while.

    PerLDAP was not a typo, it is the Perl LDAP module for Apache (the one I found anyway). I have since found a module that I was able to install through SSH, but only on my account (I'm on a shared server). This would work just fine in any other instance, but it will not update htpasswd. I guess the only option here is to come up with a script that will retrieve the passwords via LDAP (I am storing them in a reversible encryption), then write them to .htpasswd with server-side scripting (e.g. PHP). Any thoughts on this?


    Accepted Solution

    PAQed with points refunded (250)

    Community Support Moderator