[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [hobbit] Password Protected Areas?
- To: <hobbit (at) hswn.dk>
- Subject: RE: [hobbit] Password Protected Areas?
- From: <wiskbroom (at) hotmail.com>
- Date: Thu, 19 Nov 2009 09:15:44 -0500
- Importance: Normal
- References: <BAY133-W2406AD1169C57B7F682437B4A80 (at) phx.gbl>,<OF48566EEE.0E75CCC2-ON85257672.00784DE0-85257672.0078A037 (at) csc.com>
Thanks Matt, can't wait to try this out!
.vp
>
> Here is our configuration in /etc/httpd/conf.d/hobbit-apache.conf
> that allows us to authenticate against AD. Took a lot of searching
> to find the solution, which was pretty obscure, so hopefully this helps.
> I've removed the default comments, so you may want to put them back
> or have your own.
>
>
>
> Note the "AuthzLDAPAuthoritative
> Off" ... that was the kicker in getting it all to play nice.
>
>
>
>
>
> AllowOverride None
>
> Options ExecCGI Includes
>
> Order allow,deny
>
> Allow from all
>
> AuthType Basic
>
> AuthBasicProvider ldap
>
> AuthGroupFile
>
> AuthLDAPURL "ldap:///dc=example,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
>
> AuthName "Xymon Admin
> - Use your Windoze password"
>
> AuthzLDAPAuthoritative
> off
>
> Require valid-user
>
> Require group
>
> AuthLDAPBindDN
> "CN=_,OU=,OU=,DC=example,DC=domain,DC=com"
>
> AuthLDAPBindPassword
> ""
>
>
>
>
>
> Unix System Administrator
>
> Computer Science Corporation
>
> General Dynamics Land Systems
>
> 38500 Mound Rd.
>
> Sterling Heights, MI. 48310
>
> Desk: (586) 825-8294
>
> Oracle IM: moldvanm
>
>
>
> This is a PRIVATE message. If you are not the intended recipient, please
> delete without copying and kindly advise us by e-mail of the mistake in
> delivery.
>
> NOTE: Regardless of content, this e-mail shall not operate to bind CSC
> to any order or other contract unless pursuant to explicit written agreement
> or government initiative expressly permitting the use of e-mail for such
> purpose.
>
>
>
>
>
>
>
>
> [http://gfx1.hotmail.com/mail/w4/pr01/ltr/i_safe.gif]
>
>
>
> RE: [hobbit] Password
> Protected Areas?
>
>
>
>
>
> wiskbroom
> to:
> hobbit
>
> 11/13/2009 08:13 AM
>
>
>
>
>
> Please respond to hobbit
>
>
>
>
>
>
>
>
> ________________________________
>
>
>
>
>
>
> Thank you Henrik!
>
>
>
>> To: hobbit (at) hswn.dk
>
>> From: henrik (at) hswn.dk
>
>> Date: Fri, 13 Nov 2009 09:34:00 +0000
>
>> Subject: Re: [hobbit] Password Protected Areas?
>
>>
>
>> In
> writes:
>
>>
>
>>>Really? You know of a way in which I can auth against AD and based
> on
>
>>>page/pages in apache?
>
>>
>
>> Pages and subpages are just physical directories below ~hobbit/server/www/
>
>> so you can setup standard Apache ""
> definitions to impose
>
>> access restrictions.
>
>>
>
>> As for authenticating against an AD, you must use the Apache mod_auth_ldap
>
>> module. If you google "apache auth active directory" it
> should give you
>
>> some hints.
>
>>
>
>>
>
>> Regards,
>
>> Henrik
>
>
>