thr3ads.net - samba - [Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD [Oct 2015]

If this information is useful, please help other people find it:
Share via:

Julien Deloubes

2015-Oct-07 22:25 UTC

[Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD

Hello,
had some problem to authenticate users with AD with my Apache 2.4 website
following the wiki page:
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory#Basic_LDAP_authentication

Here is my working configuration (thanks to
http://httpd.apache.org/docs/2.4/en/mod/mod_authnz_ldap.html)

First you need authnz_ldap module for Apache.

<Location />
AuthName "AD authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL "ldap://addc1:3268/?sAMAccountName?sub
AuthLDAPBindDN apache-connect at contoso.com
AuthLDAPBindPassword password
Require ldap-group CN=Sysadmins_GRP,OU=groups,OU=company,DC=contoso,DC=com
</Location>

Hope this will help someone and could be a good idea to update the wiki
page.

L.P.H. van Belle

2015-Oct-08 08:10 UTC

head link

[Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD

Hai, 

In addition to the solution below, which can be a cpu saver. 

    AuthLDAPMaxSubGroupDepth 1


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Julien Deloubes
> Verzonden: donderdag 8 oktober 2015 0:25
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD
> 
> Hello,
> had some problem to authenticate users with AD with my Apache 2.4 website
> following the wiki page:
> https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Dire
> ctory#Basic_LDAP_authentication
> 
> Here is my working configuration (thanks to
> http://httpd.apache.org/docs/2.4/en/mod/mod_authnz_ldap.html)
> 
> First you need authnz_ldap module for Apache.
> 
> <Location />
> AuthName "AD authentication"
> AuthBasicProvider ldap
> AuthType Basic
> AuthLDAPGroupAttribute member
> AuthLDAPGroupAttributeIsDN On
> AuthLDAPURL "ldap://addc1:3268/?sAMAccountName?sub
> AuthLDAPBindDN apache-connect at contoso.com
> AuthLDAPBindPassword password
> Require ldap-group CN=Sysadmins_GRP,OU=groups,OU=company,DC=contoso,DC=com
> </Location>
> 
> Hope this will help someone and could be a good idea to update the wiki
> page.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Possibly Parallel Threads

Search for more apparently analagous threads

samba - Oct 2015 - Working configuration for Apache 2.4 auth vs Samba 4 AD

[Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD

[Samba] Working configuration for Apache 2.4 auth vs Samba 4 AD

Possibly Parallel Threads