====== Allow any Active Directory user to access a folder on Apache 2.4 hosted on Linux ======

When you need to protect a folder on your Apache 2.4 web server installed on a Linux system (on Ubuntu in my case), here is how you do it:

First you need to enable Apache modules 'ldap' and 'authnz_ldap'. You can do it on Ubuntu 14.04 by issuing the following command:

<code>
sudo a2enmod authnz_ldap
</code>

It will enable both modules.

Let's assume the following configuration:

  * AD FQDN: sub.domain.intern
  * AD server IP: 10.0.0.1
  * AD User: ldapqueryuser
  * AD Password: ldapquerypassword
  * Folder you want to protect is inside the default host: /var/www/html/ad

Here is the code you need to paste into the Apache config file:

<code>
<Directory /var/www/html/ad/>
    # Service account used to search the directory for the user's entry
    AuthLDAPBindDN "ldapqueryuser@sub.domain.intern"
    AuthLDAPBindPassword "ldapquerypassword"
    # Search the whole domain subtree, matching the login name against sAMAccountName
    AuthLDAPURL "ldap://10.0.0.1:389/dc=sub,dc=domain,dc=intern?sAMAccountName?sub?(objectClass=*)"
    # Apache 2.2-style host access directives; on 2.4 they are provided by mod_access_compat
    Order deny,allow
    Allow from all
    AuthLDAPBindAuthoritative off
    AuthType Basic
    AuthName "ENTER YOUR ACTIVE DIRECTORY CREDENTIALS"
    AuthBasicProvider ldap
    # Any user who authenticates successfully against AD is allowed in
    Require valid-user
</Directory>
</code>

You can change the folder so you can protect the whole web site, or another sub folder. AuthLDAPBindDN, AuthLDAPBindPassword and AuthLDAPURL must be inside double quotes.

I hope this helps you more than other tutorials helped me. For more information on how to allow certain groups or list of users, visit the [[http://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html|Apache site]].

If you plan to run a PHP script in that location, the username will be available to PHP in the $_SERVER['REMOTE_USER'] variable.
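The <Directory> block above binds over ldap:// on port 389, so the service account password and every user's credentials cross the network between Apache and the domain controller unencrypted. The same block using LDAPS follows as an added example that is not part of the original page; the host name dc1.sub.domain.intern, the CA file path and the helper program path are assumptions.

```apache
# Added example, not from the original page.
# Assumed names: dc1.sub.domain.intern (domain controller host name),
# /etc/ssl/certs/ad-root-ca.pem (CA that signed the DC's LDAPS certificate),
# /usr/local/sbin/ldap-bind-pass (root-owned helper that prints the bind password).

# Server-level directives (outside <Directory> and <VirtualHost>):
# trust the AD certificate authority and reject servers whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-root-ca.pem
LDAPVerifyServerCert On

<Directory /var/www/html/ad/>
    # Basic auth resends the AD password, merely base64-encoded, with every request,
    # so refuse any request to this folder that did not arrive over HTTPS (needs mod_ssl).
    SSLRequireSSL

    AuthType Basic
    AuthName "ENTER YOUR ACTIVE DIRECTORY CREDENTIALS"
    AuthBasicProvider ldap

    # ldaps:// on port 636 encrypts both the service account bind and each user's bind.
    # Use the DC's host name rather than its IP so it can match the certificate.
    AuthLDAPURL "ldaps://dc1.sub.domain.intern:636/dc=sub,dc=domain,dc=intern?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "ldapqueryuser@sub.domain.intern"

    # exec: runs the program and uses the first line of its output as the password,
    # which keeps the secret out of the Apache configuration files.
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-pass"

    Require valid-user
</Directory>
```

The exec: form of AuthLDAPBindPassword requires Apache 2.4.5 or later; run apachectl configtest after the change to catch a missing module or misplaced directive.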
<code | Group membership>
AuthName "AD authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL ldap://{AD-Hostname/IP}:389/cn=Users,dc={your Domain DN}?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN cn=apache-connect,cn=Users,{your Domain DN}
AuthLDAPBindPassword {password}
require ldap-group cn=test,cn=Users,{your Domain DN}
</code>

linux/ubuntu/apache_ad.txt Last modified: 2019/10/31 09:05 by 127.0.0.1