[TriLUG] Subversion/apache/Active Directory configuration
Craig Cook
cncook001 at yahoo.com
Wed Jul 17 13:26:53 EDT 2013
>I am having a tough go of trying to get apache to use Active Directory for authentication.
Yup. This was a challenge
Make sure you have a "service account" to bind to AD. This account must be able to do LDAP lookups.
Note: port 3268 is used.
Here is one way to do it (Apache 2.x):
<VirtualHost myhost.example.com:80>
ErrorLog logs/example.error_log
CustomLog logs/example.access_log combined
<Location /example>
AuthType basic
AuthzLDAPAuthoritative on
AuthName "example repository"
AuthBasicProvider ldap
AuthLDAPUrl "ldap://exampleAD.example.com:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)" NONE
AuthLDAPBindDN "cn=example_ldap,ou=Service Accounts,dc=example,dc=com"
AuthLDAPBindPassword BigSecret01
require ldap-group CN=Example Group,OU=Groups,OU=example,DC=example,DC=com
</Location>
<Directory "/usr/local/example/docs">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Craig
More information about the TriLUG
mailing list