These documents are obsolete; please use the Nethence Documentation instead.


Setting up Apache 2.4 for AD authentication (with and without LDAPS)
Tested on Ubuntu Server 14 LTS with Apache 2.4
AD/LDAP Configuration
Using non-SSL LDAP on port 3268:
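<Directory /var/www/html/private>

# Account used to bind to the directory and search for users.
# Plain LDAP: this password and the users' passwords reach AD unencrypted.
AuthLDAPBindDN "CN=apache4ad,OU=IT,OU=OU,DC=domain,DC=tld"
AuthLDAPBindPassword "PASSWORD"

# Search for the user by sAMAccountName
AuthLDAPURL "ldap://AD_ADDRESS:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*)"

AuthType Basic
# Basic authentication requires a realm name; "Private" is an example value
AuthName "Private"
AuthBasicProvider ldap
Require valid-user

</Directory>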
Additional notes
More sample directives in case of trouble:
# AuthLDAPGroupAttribute member
# AuthLDAPGroupAttributeIsDN on
#LDAPReferrals Off
#AuthzLDAPAuthoritative off
# Use the password without quotes, e.g. password instead of "password"
#AuthLDAPBindPassword password
AD/LDAPS Configuration
Using SSL on port 3269:
# Verification of the server certificate is turned off here
LDAPVerifyServerCert off
LDAPTrustedMode SSL
LDAPTrustedGlobalCert CERT_BASE64 /etc/apache2/ssl/provided.cer

<Directory /var/www/html/private>
AuthBasicProvider ldap
AuthType Basic
# Basic authentication requires a realm name; "Private" is an example value
AuthName "Private"
# AuthzLDAPAuthoritative was removed in 2.4
#AuthzLDAPAuthoritative on
#AuthLDAPURL "ldaps://AD_FQDN:636/DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" SSL
AuthLDAPURL "ldaps://AD_FQDN:3269/DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" SSL
AuthLDAPBindDN "apache4ad@domain.tld"
AuthLDAPBindPassword "PASSWORD"
#getting a 500 error when using this,
Require valid-user
#require user apache4ad@domain.tld
</Directory>
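A verified variant of the LDAPS setup above, as an added example that is not part of the original page: certificate verification is on, the issuing CA is trusted with CA_BASE64, and access is limited to one group. The CA file path, the realm name, the group DN and the use of mod_ssl are assumptions.

```apache
# Server level (outside any <Directory>): trust the CA that issued the
# domain controller's certificate and verify it on every connection.
# /etc/apache2/ssl/ad-root-ca.pem is a hypothetical path to that CA
# certificate in PEM (Base64) form.
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl/ad-root-ca.pem
LDAPTrustedMode SSL
# The page's LDAPS section sets this to "off", which skips verification
# of the server certificate.
LDAPVerifyServerCert On

<Directory /var/www/html/private>
    # Basic auth sends the password with every request; refuse plain HTTP.
    # Assumes mod_ssl is enabled and the site is served over HTTPS.
    SSLRequireSSL

    AuthType Basic
    # Realm name is an example value
    AuthName "Private area"
    AuthBasicProvider ldap

    # AD_FQDN has to match a name in the server certificate, otherwise
    # verification fails. The filter narrows the search to objects of
    # class user instead of every object in the directory.
    AuthLDAPURL "ldaps://AD_FQDN:3269/DC=domain,DC=tld?sAMAccountName?sub?(objectClass=user)" SSL
    AuthLDAPBindDN "apache4ad@domain.tld"
    AuthLDAPBindPassword "PASSWORD"

    # Authorize one AD group rather than every account that can log in.
    # The group DN is a constructed placeholder; a universal group is
    # assumed, since its membership is held in the Global Catalog.
    Require ldap-group CN=web-private,OU=Groups,DC=domain,DC=tld
</Directory>
```

Keep the file that holds AuthLDAPBindPassword readable by root only, and give the bind account no rights beyond reading the directory.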
If you get this error:
Invalid command 'AuthzLDAPAuthoritative', perhaps misspelled or defined by a module not included in the server configuration
It's probably because you switched from Apache 2.2 to 2.4. Remove 'AuthzLDAPAuthoritative' and proceed as described above.
# AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

Last update: Mar 30, 2016