Hi John,
"Milburn, John A." wrote on 15/04/2005 07:18:37:
This worked for Windows 2000. It also worked for Windows 2003 if the search base was not the root of the domain.
I found that if you authenticate against a Global Catalogue, it works for both.
#Directory for Hobbit maintenance ScriptAlias /hobbit-seccgi/ "/usr/local/hobbit/cgi-secure/" <Directory /usr/local/hobbit/cgi-secure> AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all AuthAuthoritative On AuthLDAPCompareDNOnServer on AuthLDAPURL ldap://gc1.mydomain.com:3268/DC=mydomain,DC=com? sAMAccountName?sub?(objectClass=user) AuthLDAPBindDN CN=HobbitUser,CN=Users,DC=mydomain,DC=com AuthLDAPBindPassword HobbitUserPassword AuthType Basic AuthName "Enter your Windows logon name/Password" require group CN=HobbitManagers,OU=Managers,DC=mydomain,DC=com </Directory>
Setting "AuthAuthoritative Off" should allow other modules to authenticate users if ldap fails. I haven't tried this yet.
I've modified this to match my own AD configuration, but I'm still not having any luck :-(
My apache install includes the ldap_module.so and auth_ldap_module.so files
- should these work OK by themselves, or do I need to install further OpenLDAP libraries? Running ldd on these files doesn't indicate any special requirements.
From: Taylor, Robert [mailto:Robert.Taylor at HendrickAuto.com] Sent: Monday, April 04, 2005 7:36 AM To: hobbit at hswn.dk Subject: RE: [hobbit] securing access
There was a post a few days back with an LDAP configuration. I was able to change a few things around a get that to work with our MS Active Directory to validate usernames/passwords for access on a RH EL 3.0 box.
Here is the config for my Apache server. It effectively let’s anyone access from the internal 10.x.x.x network and then requires a valid username/password for anyone accessing via the Web.
<Directory "/var/www/html"> AllowOverride None Order Deny,Allow AuthType Basic AuthName "<Something to display in dialog>" AuthzLDAPEngine on AuthzLDAPServer <IP Address of LDAP Server>:389 AuthzLDAPUserKey sAMAccountName AuthzLDAPBindDN <valid LDAP Username for binding to server> AuthzLDAPBindPassword <LDAP password for username above> AuthzLDAPUserBase dc=<something>,dc=<something .com, .local, .net etc…> AuthzLDAPUserScope subtree Deny from all Satisfy any Require valid-user Allow from 10.
</Directory>
Standard disclaimer would be that I am no Apache expert and this took me FOREVER to get working right, but it seems to be okay now.
Robert
From:David Garaway [mailto:dave at auctionhelper.com] Sent: Monday, April 04, 2005 3:29 AM To: hobbit at hswn.dk Subject: [hobbit] securing access
Does anyone know how to lock the whole hobbit page down? I have a friend that would like to be able to get to the page from anywhere but wants something like htaccess. Before I started mucking around with apache to try to get this working I thought I would see if anyone has done this.
Thanks,
Dave
#####################################################################################
This email is intended for the person to whom it is addressed only. If you are not the intended recipient, do not read, copy or use the contents in any way. The opinions expressed may not necessarily reflect those of ZESPRI Group of Companies ('ZESPRI').
While every effort has been made to verify the information contained herein, ZESPRI does not make any representations as to the accuracy of the information or to the performance of any data, information or the products mentioned herein. ZESPRI will not accept liability for any losses, damage or consequence, however, resulting directly or indirectly from the use of this e-mail/attachments. #####################################################################################