Is there a fully automated way to authentication a user using IE8+ with Apache without the user having to enter any form of credentials? Running IIS is not really an option even tho i'm running Windows.
I've found some Perl based solutions that should work but i could only get it to work on *Nix with a LOT of fuzzing around.
I'm currently using authnz_ldap_module which works great, but the users are really cranky and annoyed by having to put in their user-id and password for each new session that they open.
Any ideas?
In order to authenticate a user with an LDAP directory you first need to obtain their DN as well as their password. With a login form, people typically enter a simple identifier such as their username or email address. You don't expect them to memorise the DN of their directory entry.
Lightweight Directory Access Protocol (LDAP) is an application protocol for working with various directory services. Directory services, such as Active Directory, store user and account information, and security information like passwords.
AuthLDAPBindDN - The LDAP entry that will be used to locate the users. AuthLDAPBindPassword - The password for the user specified above. require valid-user - This directive selects which authenticated users can access a resource. The "valid-user" value implies if the user can bind, then they are allowed.
Both Windows Active Directory and LDAP can be used to allow users to connect to Serv-U by using Active Directory credentials. Additionally, LDAP allows for authentication against other LDAP servers such as Apache Directory Server and OpenLDAP.
I've been having the same problem myself today after eventually getting the mod_authnz_ldap
module to work.
From my research thus far, I gather you can't do seamless signon with the mod_authnz_ldap
module and you'll have to use mod_auth_sspi
instead. I've tried this out and it seems to work as expected (on Internet Explorer anyway - you can also configure Firefox to pass through by modifying the network.automatic-ntlm-auth.trusted-uris
key).
Here's the steps:
Alias /secure "C:/Secure" <Directory "C:/Secure"> Order deny,allow Allow from all AuthType SSPI SSPIAuth On SSPIOfferBasic on SSPIBasicPreferred On SSPIAuthoritative Off AuthName "Login" SSPIDomain dc.domain Require valid-user </Directory>
Now restart Apache.
Unfortunately, after all that it's no good for me as a solution as I have multiple LDAP servers to authenticate against, but hopefully this will help you.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With