Apache 2.2 LDAPS Authentication
Asked by emgdave
Server Details
Windows server 2003 hosting
Apache 2.2.10
Client certificate installed using certificate services server.
I exported the certificate and copied to c:\ldap\ldap.cer
I reference the certificate in the httpd.conf file below.
Objective for Intranet site
Authenticate clients upon arrival of protected web pages.
Authentication must be given to only members of a particular group, the Web group.
Authentication Method: authnz_ldap_module for Apache.
Use SSL to encrypt the authentication session, via mod_ldap.so.
I have used LDAP.exe and created a connection to the LDAP server using that tool.
#LDAPTrustedClientCert c:\ldap\ldap.cer
<Directory D:\web\intranet\Information-Services\Staff>
AuthType Basic
AuthName "Web"
AuthBasicProvider ldap
AuthLDAPBindDN Web@mc.ad.ll.org
AuthLDAPBindPassword password*1
AuthLDAPURL "ldap://ActiveDirectory:389/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"
# Note: AuthLDAPURL appears twice in this block; the later directive overrides the earlier one, so only the ldaps:// URL is in effect.
AuthLDAPURL "ldaps://ActiveDirectory:636/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"
require ldap-attribute objectClass=user
#When I use the above directive I can authenticate to the LDAP server; however, other users can authenticate that should not be able to see the content.
#Require ldap-group cn=Web, ou=Web Groups, ou=Global Security Groups, dc=mc, dc=ad, dc=ll, dc=org
#When I use the directive above I cannot authenticate at all. This is the error I receive:
#[Thu May 07 10:33:29 2009] [error] [client 192.168.0.70] File does not exist:
</Directory>
LDAP server: Windows server 2003 SP2 Active Directory
Thanks for your help.
ASKER
thank you
ASKER
But I am curious to know what the strings at the end of the LDAP URL mean, and also on the Require directive.
Can you point me to some documentation on what they mean so I can correctly craft my Apache directives and know what they are actually doing? e.g. ?sAMAccountName?sub?(objec
Thanks
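The asker's last question is about the AuthLDAPURL syntax, which is the RFC 2255 form ldap[s]://host[:port]/basedn?attribute?scope?filter. As an added example (not code from this thread or from Apache itself), the Python below parses such a URL with mod_authnz_ldap's documented defaults for omitted fields and builds the search filter the module sends, escaping the submitted username per RFC 4515 so it cannot change the filter's logic; the sample URL is the one from the asker's config.

```python
"""Parse an Apache mod_authnz_ldap AuthLDAPURL and derive the LDAP search it
performs. Added example for the thread above, not code from Apache."""
from urllib.parse import unquote, urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
VALID_SCOPES = {"base", "one", "sub"}   # base object, one level, whole subtree


def parse_auth_ldap_url(url: str) -> dict:
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into parts,
    applying the module's defaults: attribute uid, scope sub, filter (objectClass=*)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    # Everything after the base DN is '?'-separated: attribute, scope, filter.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attribute, scope, search_filter = (unquote(f) for f in fields[:3])
    scope = scope or "sub"
    if scope not in VALID_SCOPES:
        raise ValueError(f"bad scope: {scope!r}")
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,            # urlsplit lower-cases the host name
        "port": parts.port or DEFAULT_PORT[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",
        "scope": scope,
        "filter": search_filter or "(objectClass=*)",
    }


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter: the
    metacharacters * ( ) \\ and NUL become backslash + two hex digits."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def effective_search_filter(url: str, username: str) -> str:
    """The filter the module actually sends: the URL's filter ANDed with
    attribute=username, so only an entry matching both is a candidate."""
    p = parse_auth_ldap_url(url)
    return f"(&{p['filter']}({p['attribute']}={escape_filter_value(username)}))"


if __name__ == "__main__":
    # The ldaps URL from the asker's httpd.conf, with the port written out.
    SAMPLE = "ldaps://ActiveDirectory:636/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"
    print(parse_auth_ldap_url(SAMPLE))
    print(effective_search_filter(SAMPLE, "jdoe"))
```

On the Require side: ldap-attribute objectClass=user only checks that the authenticated user's entry carries that attribute value, which every AD user does, so it admits anyone who can bind; ldap-group instead checks whether the user appears in the named group's membership attribute.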