Is it possible to use LDAP authentication via `.htaccess` with MAMP? - apache

Is it possible to use LDAP authentication via .htaccess with MAMP?
I think I need to include/enable the Apache-Module but I'm not sure how to do it?
Thanks for your help!

Enable it:
a2enmod authnz_ldap
a2enmod ldap
/etc/init.d/apache2 restart
In .htaccess you use:
AuthType Basic
AuthName "secured site"
AuthBasicProvider ldap
AuthLDAPUrl "ldap://server/ou=People,dc=example,dc=local"
AuthLDAPBindDN "cn=reader,dc=example,dc=local"
AuthLDAPBindPassword the_secret_one
AuthzLDAPAuthoritative Off
Require valid-user

Related

Ldap Authentication issues

I have installed Thruk 3.0 and Naemon. I am following the instructions on
https://www.thruk.org/documentation/install-webserver.html
I am using LDAP, not Active Directory.
From my Thruk log:
login failed for jprouty on /thruk/ from 10.17.74.37
My Apache error log shows:
user jprouty not found: /thruk/cgi-bin/restricted.cgi
<Location /thruk/>
Options ExecCGI FollowSymLinks
AuthName "Thruk Monitoring"
AuthType Basic
#legacy file authentication first, then ldap
AuthBasicProvider file ldap
AuthUserFile /etc/thruk/htpasswd
#ldap
AuthLDAPURL "ldap://ipa.domain.com/cn=users,cn=accounts,dc=domain,dc=com?uid?sub?(memberOf=cn=monitoring,cn=groups,cn=accounts,dc=domain,dc=com)"
AuthLDAPBindDN "uid=httpbind,cn=sysaccounts,cn=etc,dc=domain,dc=com"
AuthLDAPBindPassword "XXXXXXXX"
AuthLDAPRemoteUserAttribute uid
Require valid-user
</Location>
I have tested with ldapsearch and am able to connect with the user/password.
I did a tcpdump and see the LDAP sending

Apache Kerberos Auth file fallback

I've set up a Kerberos Authentication on my Apache Server (Ubuntu 16.04 LTS) with mod_auth_kerb.
The configuration is as follows:
AuthType Kerberos
AuthName "Authentication Required"
KrbAuthRealm MY.DOMAIN
Krb5KeyTab "/path/to/keytab"
KrbMethodK5Passwd On
Require valid-user
It works fine as it is.
But I want to add an authentication fallback to an .htpasswd file, in case of a Kerberos failure.
I tried the following:
AuthType Basic
AuthName "Authentication Required"
AuthBasicProvider kerberos file
KrbAuthRealm MY.DOMAIN
Krb5KeyTab "/path/to/keytab"
KrbMethodK5Passwd On
KrbAuthoritative Off
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
But I have an error when restarting:
apache2[7455]: Unknown Authn provider: kerberos
I've set my Apache LogLevel to debug but I've nothing in the log file...
My mod_auth_kerb version is 5.4-2.2.
Any ideas?
Thanks :)

parse authentication from ldap to apache without password

I am running apache on EC2 Redhat Linux.
Server version: Apache/2.2.15
Red Hat Enterprise Linux Server release 6.4 (Santiago)
I have LDAP attached to it. I would like users not to have to enter an ID or password when they type my application URL in a web browser.
Is there a way to do it?
Here is my httpd.conf
<location />
AuthType Basic
AuthBasicProvider ldap
AuthName "Web Console Authentication"
AuthLDAPBindDN <user>
AuthLDAPBindPassword <password>
AuthLDAPURL <ldapurl>
AuthUserFile /dev/null
require valid-user
</location>
But this needs the user to enter an ID and password?
Please let me know if you need any information.
Thanks for your help.
Based on your response to comments, you're going to need to use mod_ntlm for that.

Give Access to folder(s) with LDAP authentication to certain OUs with Apache?

I want to make a web directory protected by htaccess so that LDAP users in certain OUs can access it.
I've googled all day and I couldn't make it happen. I'm using Apache 2.2 on Ubuntu Server 10.04 LTS. Here is my htaccess:
AuthType Basic
AuthName "LOGIN"
AuthUserFile /dev/null
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://SERVER_IP/ou=users,dc=domain,dc=TLD,dc=ccTLD?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=user,dc=domain,dc=TLD,dc=ccTLD"
AuthLDAPBindPassword passwd
#I've tried all of the below:
#Require valid-user # This works just fine. But I don't want everyone to be able to log in.
#Require ldap-group ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD # Tried this one and failed.
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD) # tried this one and also failed.
Thank you very much.
I found the problem. You shouldn't use brackets around the ldap-filter attribute.
This:
Require ldap-filter (ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD)
Should be like this:
Require ldap-filter ou=couldLogIn,ou=users,dc=domain,dc=TLD,dc=ccTLD

LDAP authentication apache 2.2 error 500

This is my LDAP configuration in Apache2.2.x
Order deny,allow
AuthType Basic
AuthName "Test"
AuthBasicProvider ldap
AuthLDAPURL "ldap://dc1.domain.com:389/DC=domain,DC=com?sAMAccountName" NONE
AuthLDAPBindDN "CN=Administrator,CN=Users,DC=domain,DC=com"
AuthLDAPBindPassword "secret"
authzldapauthoritative Off
require valid-user
When I load the page I get the pop-up for password and username.
But when I fill them in I get an internal server error.
If I look in the error log of Apache I see no new errors.
If I change my BindPassword to something wrong I get errors in my /var/log/apache2/error.log
Pulling my hair out!
Try to set "REFERRALS off" in /etc/ldap/ldap.conf.
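
Added example, not part of the original posts: a Python check that parses the AuthLDAPURL form used in the configurations on this page and flags settings a reviewer would question (cleartext ldap://, an inline bind password, an administrator-named bind DN, and Require valid-user with no search filter). The function names and finding ids are hypothetical, the sample input is constructed from the last question above, and the exec: password form assumes Apache 2.4.5 or later.

```python
import re
import shlex
# Constructed input: the LDAP directives from the last question on this page.
WEAK = '''
AuthLDAPURL "ldap://dc1.domain.com:389/DC=domain,DC=com?sAMAccountName" NONE
AuthLDAPBindDN "CN=Administrator,CN=Users,DC=domain,DC=com"
AuthLDAPBindPassword "secret"
Require valid-user
'''

def parse_directives(text):
    """Map lower-cased directive name -> argument list (last one wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def parse_ldap_url(args):
    """Split AuthLDAPURL: scheme://host[:port]/basedn?attr?scope?filter [mode]."""
    m = re.match(r"(?i)(ldaps?)://([^/]*)/([^?]*)\??(.*)", args[0])
    scheme, host, base, rest = m.groups()
    attr, scope, filt = (rest.split("?", 2) + ["", ""])[:3]
    mode = args[1].upper() if len(args) > 1 else ""
    return {"scheme": scheme.lower(), "host": host, "base": base, "mode": mode,
            "attr": attr or "uid", "scope": scope or "sub",
            "filter": filt or "(objectClass=*)"}

def audit(text):
    """Return hypothetical finding ids for one block of mod_authnz_ldap directives."""
    conf, findings = parse_directives(text), []
    url = parse_ldap_url(conf["authldapurl"])
    # Server-wide LDAPTrustedMode is not visible here (assumption: unset).
    if url["scheme"] != "ldaps" and url["mode"] not in ("SSL", "TLS", "STARTTLS"):
        findings.append("cleartext-ldap")
    pw = conf.get("authldapbindpassword", [""])[0]
    if pw and not pw.startswith("exec:"):  # exec: needs Apache 2.4.5+
        findings.append("inline-bind-password")
    # Heuristic: a bind account named like a directory admin is over-privileged.
    if re.match(r"(?i)cn=(administrator|admin|root)\b", conf.get("authldapbinddn", [""])[0]):
        findings.append("privileged-bind-dn")
    require = [a.lower() for a in conf.get("require", [])]
    if require == ["valid-user"] and url["filter"] == "(objectClass=*)":
        findings.append("any-directory-user")
    return findings

if __name__ == "__main__":
    print(audit(WEAK))
```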