[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [hobbit] Password Protected Areas?
- To: hobbit (at) hswn.dk
- Subject: RE: [hobbit] Password Protected Areas?
- From: Matthew Moldvan <mmoldvan (at) csc.com>
- Date: Wed, 18 Nov 2009 16:58:23 -0500
Here is our configuration in /etc/httpd/conf.d/hobbit-apache.conf that
allows us to authenticate against AD. Took a lot of searching to find the
solution, which was pretty obscure, so hopefully this helps. I've removed
the default comments, so you may want to put them back or have your own.
Note the "AuthzLDAPAuthoritative Off" ... that was the kicker in getting
it all to play nice.
<Directory "<xymon_install_path>/cgi-secure">
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all
AuthType Basic
AuthBasicProvider ldap
AuthGroupFile <absolute_path_to_group_file>
AuthLDAPURL
"ldap://<ip_address>/dc=example,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
AuthName "Xymon Admin - Use your Windoze password"
AuthzLDAPAuthoritative off
Require valid-user
Require group <defined_inside_of_AuthGroupFile>
AuthLDAPBindDN
"CN=_<BindUser>,OU=<Org>,OU=<Another_Org>,DC=example,DC=domain,DC=com"
AuthLDAPBindPassword "<something_unwieldy>"
</Directory>
Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems
38500 Mound Rd.
Sterling Heights, MI. 48310
Desk: (586) 825-8294
Oracle IM: moldvanm
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.
RE: [hobbit] Password Protected Areas?
wiskbroom
to:
hobbit
11/13/2009 08:13 AM
Please respond to hobbit
Thank you Henrik!
> To: hobbit (at) hswn.dk
> From: henrik (at) hswn.dk
> Date: Fri, 13 Nov 2009 09:34:00 +0000
> Subject: Re: [hobbit] Password Protected Areas?
>
> In <BAY133-W98025609B24B9A43D30FBB4AA0 (at) phx.gbl> <wiskbroom> writes:
>
> >Really? You know of a way in which I can auth against AD and based on
> >page/pages in apache?
>
> Pages and subpages are just physical directories below
~hobbit/server/www/
> so you can setup standard Apache "<Directory ...>" definitions to impose
> access restrictions.
>
> As for authenticating against an AD, you must use the Apache
mod_auth_ldap
> module. If you google "apache auth active directory" it should give you
> some hints.
>
>
> Regards,
> Henrik