Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Apache 2 - LDAP/Active Directory - Automatic login/authentication process

Tags:

authentication

windows

apache

active-directory

Is there a fully automated way to authentication a user using IE8+ with Apache without the user having to enter any form of credentials? Running IIS is not really an option even tho i'm running Windows.

I've found some Perl based solutions that should work but i could only get it to work on *Nix with a LOT of fuzzing around.

I'm currently using authnz_ldap_module which works great, but the users are really cranky and annoyed by having to put in their user-id and password for each new session that they open.

Any ideas?

like image 638
Torxed Avatar asked Apr 11 '12 12:04

Torxed

People also ask

How do I authenticate users using LDAP?

In order to authenticate a user with an LDAP directory you first need to obtain their DN as well as their password. With a login form, people typically enter a simple identifier such as their username or email address. You don't expect them to memorise the DN of their directory entry.

What is Active Directory and LDAP authentication?

Lightweight Directory Access Protocol (LDAP) is an application protocol for working with various directory services. Directory services, such as Active Directory, store user and account information, and security information like passwords.

What is AuthLDAPBindDN?

AuthLDAPBindDN - The LDAP entry that will be used to locate the users. AuthLDAPBindPassword - The password for the user specified above. require valid-user - This directive selects which authenticated users can access a resource. The "valid-user" value implies if the user can bind, then they are allowed.

Is LDAP a Windows authentication?

Both Windows Active Directory and LDAP can be used to allow users to connect to Serv-U by using Active Directory credentials. Additionally, LDAP allows for authentication against other LDAP servers such as Apache Directory Server and OpenLDAP.

1 Answers

I've been having the same problem myself today after eventually getting the mod_authnz_ldap module to work.

From my research thus far, I gather you can't do seamless signon with the mod_authnz_ldap module and you'll have to use mod_auth_sspi instead. I've tried this out and it seems to work as expected (on Internet Explorer anyway - you can also configure Firefox to pass through by modifying the network.automatic-ntlm-auth.trusted-uris key).

Here's the steps:

  1. Download the mod_auth_sspi module from http://sourceforge.net/projects/mod-auth-sspi/
  2. From the zip file's bin folder, copy mod_auth_sspi.so to your apache modules folder
  3. From the zip file's bin folder, copy sspipkgs.exe to your apache bin folder
  4. Edit httpd.conf so that the Directory is configured something like this:
 Alias /secure "C:/Secure"
 <Directory "C:/Secure">
 Order deny,allow
 Allow from all

 AuthType SSPI
 SSPIAuth On
 SSPIOfferBasic on
 SSPIBasicPreferred On
 SSPIAuthoritative Off
 AuthName "Login"
 SSPIDomain dc.domain

 Require valid-user
 </Directory>

Now restart Apache.

Unfortunately, after all that it's no good for me as a solution as I have multiple LDAP servers to authenticate against, but hopefully this will help you.

like image 177
misterjaytee Avatar answered Sep 25 '22 07:09

misterjaytee
Sign in to Comment

Related questions

Creating a MSI patch (.msp) by hand?
About the entry point of PE in Windows
Get an IP_ADDRESS_STRING from GetAdaptersAddresses()?
Proguard error: Expecting class path seperator - not sure where I need to put a path in quotes
How do I iterate over a set of folders in Windows Shell?
Using C# How to detect if Windows Installer 4.5 is Installed
How to change folder icons with Python on windows?
64bit architecture - character pointer truncated while returning from function
rmagick under windows
Weird behavior of Java -Xmx on large amounts of ram
How to bring other app window to front without activating it?
Why does COM CoInitializeSecurity fail in my DLL?
Get string descriptor using PyUSB usb.util.get_string()
Best way to share vim configuration between cygwin-vim and windows-gvim and launch it
Is it possible to embed a command prompt in a win32 app?
How to trace handle leaks?
Git submodule mess: how to use git submodules with developers not familiar with git?
Sleep() is a bad design, but appears to be my only option
How to extract resources from .msi files
Fastest way to get shell icon

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!