Changes

1,149 bytes added ,  17:00, 22 January 2016
no edit summary
Line 79: Line 79:  
   #list domain Admins
 
   #list domain Admins
 
   ldapsearch -ZZ -v -x -H ldap://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins"
 
   ldapsearch -ZZ -v -x -H ldap://bob.ad.pumpingstationone.org -b "CN=Users,DC=ad,DC=pumpingstationone,DC=org" -D "PS1\myuser" -W "CN=Domain Admins"
 +
 +
== Apache mod_auth_ldap ==
 +
 +
The following example is useful for making members-only sites and web apps
 +
 +
    #Very important, Don't bind in cleartext.  Can't be defined as part of your location or directory block, so make sure you don't skip it.
 +
    LDAPTrustedMode TLS
 +
    <Location/protected>
 +
        AuthName "AD Authentication"
 +
        AuthType Basic
 +
        AuthUserFile /dev/null
 +
        AuthBasicProvider ldap
 +
        #LDAP-URI will be bob.ad.pumpingstationone.org for internal apps, space.pumpingstationone.org for external apps.
 +
        AuthLDAPURL "ldap://[[LDAP-URI]/cn=Users,dc=ad,dc=pumpingstationone,dc=org?sAMAccountName?sub?(objectClass=*)"
 +
        #You should generate a new account per authenticated service.  Just create a new user on the DC.
 +
        AuthLDAPBindDN cn=[SERVICE-ACCOUNT],cn=Users,dc=ad,dc=pumpingstationone,dc=org
 +
        AuthLDAPBindPassword [SERVICE-ACCOUNT-PASSWORD]
 +
        #Set require where appropriate, example shows "All valid users" and "Domain admins only" (commented out)
 +
        #Require ldap-group cn=Domain Admins,cn=users,dc=ad,dc=pumpingstationone,dc=org
 +
        Require valid-user
 +
    </Location>
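
Review bot: The opening `<Location/protected>` line is missing the space between the directive name and the path, so Apache will not read it as a Location section for /protected; it should be `<Location /protected>`. The AuthLDAPURL value has an unbalanced placeholder, `[[LDAP-URI]`, which should be `[LDAP-URI]` to match the other placeholders in the block. The heading names mod_auth_ldap, but AuthBasicProvider and AuthLDAPURL are mod_authnz_ldap directives (Apache 2.2 and later), so the heading should say so. On the security side, LDAPTrustedMode TLS only covers the Apache-to-DC leg: with AuthType Basic the member's AD password still travels from the browser to Apache on every request, so the example should state that the location must be served over HTTPS only (for instance SSLRequireSSL inside the Location), particularly for the external space.pumpingstationone.org case. Since AuthLDAPBindPassword sits in the config in plain text, a comment that the file must not be world-readable would also help, alongside the existing advice to use one service account per application.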
Domain Admins
136

edits
