----- Original Message ----- From: "Andy France" <Andy at zespri.com> To: <hobbit at hswn.dk> Sent: Tuesday, April 19, 2005 4:53 PM Subject: RE: [hobbit] securing access Active Directory
Hi John,
"Milburn, John A." wrote on 15/04/2005 07:18:37:
This worked for Windows 2000. It also worked for Windows  2003 if the search base was not the root of the domain.
I found that if you authenticate against a Global  Catalogue, it works for both.
#Directory for Hobbit maintenance ScriptAlias  /hobbit-seccgi/ "/usr/local/hobbit/cgi-secure/" <Directory  /usr/local/hobbit/cgi-secure>    AllowOverride  None    Options ExecCGI  Includes    Order allow,deny    Allow from  all    AuthAuthoritative On     AuthLDAPCompareDNOnServer on    AuthLDAPURL ldap://gc1.mydomain.com:3268/DC=mydomain,DC=com? sAMAccountName?sub?(objectClass=user)     AuthLDAPBindDN CN=HobbitUser,CN=Users,DC=mydomain,DC=com     AuthLDAPBindPassword HobbitUserPassword    AuthType  Basic    AuthName "Enter your Windows logon  name/Password"    require group  CN=HobbitManagers,OU=Managers,DC=mydomain,DC=com </Directory>
Setting "AuthAuthoritative Off" should allow other modules  to authenticate users if ldap fails. I haven't tried this  yet.
I've modified this to match my own AD configuration, but I'm still not having any luck :-(
My apache install includes the ldap_module.so and auth_ldap_module.so
files
- should these work OK by themselves, or do I need to install further OpenLDAP libraries? Â Running ldd on these files doesn't indicate any special requirements.
I don't know of any dependencies. I do have the OpenLDAP libraries installed. I am using Fedora Core 3 fully updated. Almost everything was installed, since I am not that good with Linux.