
Warning: these guides are mostly obsolete; please have a look at the new documentation.


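Setting up Apache 2.4 for AD authentication (with and without LDAPS)

Tested on Ubuntu Server 14 LTS with Apache 2.4.

AD/LDAP Configuration

Without SSL, on port 3268:

<Directory /var/www/html/private>
  # Account used to bind to the directory
  # Plain ldap:// means this password and each user's password reach the DC unencrypted
  AuthLDAPBindDN "CN=apache4ad,OU=IT,OU=OU,DC=domain,DC=tld"
  AuthLDAPBindPassword "PASSWORD"
  # Search for the user by sAMAccountName
  AuthLDAPURL "ldap://AD_ADDRESS:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*)"
  AuthType Basic
  # Basic authentication needs a realm name (placeholder value)
  AuthName "Private"
  AuthBasicProvider ldap
  Require valid-user
</Directory>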

Additional notes

More sample settings in case of trouble:

  # AuthLDAPGroupAttribute member
  # AuthLDAPGroupAttributeIsDN on
  # LDAPReferrals Off
  # AuthzLDAPAuthoritative off
  # Use the password without quotes, e.g. password instead of "password"
  # AuthLDAPBindPassword password

AD/LDAPS Configuration

With SSL, on port 3269:

# off: the connection is encrypted but the domain controller's certificate is not verified
LDAPVerifyServerCert off
LDAPTrustedMode SSL
# CERT_BASE64 declares a client certificate; a CA certificate is declared with CA_BASE64
LDAPTrustedGlobalCert CERT_BASE64 /etc/apache2/ssl/provided.cer

<Directory /var/www/html/private>
  AuthBasicProvider ldap
  AuthType Basic
  # Basic authentication needs a realm name (placeholder value)
  AuthName "Private"
  # Removed in 2.4: AuthzLDAPAuthoritative on
  #AuthLDAPURL "ldaps://AD_FQDN:636/DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" SSL
  AuthLDAPURL "ldaps://AD_FQDN:3269/DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" SSL
  AuthLDAPBindDN "apache4ad@domain.tld"
  AuthLDAPBindPassword "PASSWORD"
  # Getting a 500 error when using this,
  Require valid-user
  #Require user apache4ad@domain.tld
</Directory>

If you get this error:

Invalid command 'AuthzLDAPAuthoritative', perhaps misspelled or defined by a module not included in the server configuration

it is probably because you switched from Apache 2.2 to 2.4. Remove 'AuthzLDAPAuthoritative' and proceed as described above.

# AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
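
An added example, not part of the original guide: a small Python check that flags the three weak or obsolete settings this page shows (certificate verification turned off, a plain ldap:// URL with no TLS mode, and the AuthzLDAPAuthoritative directive removed in 2.4). The function name audit_ldap_config and the SAMPLE text are constructed for illustration.

```python
import shlex

# Constructed sample (an assumption for illustration): settings seen on this page.
SAMPLE = '''\
LDAPVerifyServerCert off
<Directory /var/www/html/private>
AuthzLDAPAuthoritative on
#LDAPReferrals Off
AuthLDAPURL "ldap://AD_ADDRESS:3268/dc=domain,dc=tld?sAMAccountName?sub?(objectClass=*)"
AuthType Basic
AuthBasicProvider ldap
Require valid-user
</Directory>
'''

def audit_ldap_config(text):
    """Return (line_number, finding) pairs for active (uncommented) directives."""
    active = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out: not in effect
        try:
            words = shlex.split(line)
        except ValueError:  # unbalanced quote: fall back to plain splitting
            words = line.split()
        active.append((no, words[0].lower(), words[1:]))

    # Server-wide connection mode; a mode given on AuthLDAPURL overrides it.
    global_mode = "NONE"
    for _, name, args in active:
        if name == "ldaptrustedmode" and args:
            global_mode = args[0].upper()

    findings = []
    for no, name, args in active:
        if name == "authzldapauthoritative":
            findings.append((no, "directive removed in Apache 2.4"))
        elif name == "ldapverifyservercert" and args and args[0].lower() == "off":
            findings.append((no, "LDAP server certificate is not verified"))
        elif name == "authldapurl" and args:
            mode = args[1].upper() if len(args) > 1 else global_mode
            if args[0].lower().startswith("ldap://") and mode == "NONE":
                findings.append((no, "LDAP traffic is not encrypted"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_ldap_config(SAMPLE):
        print(f"line {no}: {finding}")
```

The check reads only the text it is given and does not follow Include directives or line continuations.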
