Setting Up LDAP Authenticated Directory in Apache HTTPD
#PHP #ApacheHTTPD #ActiveDirectory #LDAP
Full steps can be found at https://i12bretro.github.io/tutorials/0037.html
In this quick video, learn how to set up LDAP/Active Directory authentication on an Apache web server to secure web-based applications.
--------------------------------------------------------------------
Active Directory Setup
--------------------------------------------------------------------
01. Open Active Directory Users and Computers
02. Expand the domain ≫ Users
03. Right Click Users ≫ New ≫ User
04. Create a read-only account to use for LDAP binding
First Name: Read
Last Name: Only
User logon name: readonly_svc
05. Click Next
06. Set the user's password and confirm it
07. Uncheck User must change password on next logon
08. Check User cannot change password
09. Check Password never expires
10. Click Next
11. Click Finish
12. Right Click Users ≫ New ≫ Group
13. Give the group a name and click OK
14. Right Click the newly created group ≫ Properties
15. Select the Members tab ≫ Click Add...
16. Add users that will be allowed access to the web application
17. Click OK
--------------------------------------------------------------------
Configuring Apache HTTPD for LDAP
--------------------------------------------------------------------
01. Navigate to the Apache install directory/conf in Explorer
02. Edit httpd.conf in a text editor
03. Find the authnz_ldap_module and make sure it is enabled by removing the # at the start of the line
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
04. Find the ldap_module and make sure it is enabled by removing the # at the start of the line
LoadModule ldap_module modules/mod_ldap.so
05. Create a Location block to enable LDAP authentication for the specified directory
<Location /ldaptest>
# Basic authentication with LDAP against MS AD
AuthType Basic
AuthBasicProvider ldap
# AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter
# using this format: ldap://host:port/basedn?attribute?scope?filter
AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE
# The LDAP bind username and password
AuthLDAPBindDN "readonly_svc@i12bretro.local"
AuthLDAPBindPassword "Read0nly!!"
LDAPReferrals Off
AuthUserFile /dev/null
AuthName "Restricted Area [i12bretro.local]"
# to authenticate a domain group, specify the full DN
AuthLDAPGroupAttributeIsDN on
require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local
</Location>
06. Save httpd.conf
07. Restart the Apache service
08. Open a browser and navigate to the LDAP authenticated URL
09. An authentication prompt should appear; only users in the specified AD group are allowed access
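The Location block in step 05 binds over ldap:// on port 389 with mode NONE, so the service account password and each user's password travel to the domain controller unencrypted. The block below is an added example (not part of the original tutorial) showing the same configuration over LDAPS. It assumes the domain controller offers LDAPS on port 636 with a certificate valid for the host name in the URL, that mod_ssl is loaded and the site is served over HTTPS, and that the certificate path and password program shown are placeholders.

```apache
# Added example, not from the original tutorial.
# File paths and the password program below are placeholders.

# --- Settings from step 05 (cleartext LDAP), shown for comparison ---
# AuthLDAPURL "ldap://i12bretro.local:389/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" NONE
# AuthLDAPBindPassword "Read0nly!!"

# --- Server level (outside any <Location>) ---
# CA certificate that issued the domain controller's LDAPS certificate (placeholder path)
LDAPTrustedGlobalCert CA_BASE64 "C:/path/to/ad-root-ca.pem"
# Reject the connection if the server certificate cannot be verified
LDAPVerifyServerCert On

<Location /ldaptest>
    # Basic authentication sends the password base64-encoded on every request,
    # so refuse plain HTTP for this path (requires mod_ssl)
    SSLRequireSSL

    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Restricted Area [i12bretro.local]"
    AuthUserFile /dev/null

    # ldaps:// on port 636 with mode SSL encrypts the service account bind
    # and the bind performed with each user's credentials
    AuthLDAPURL "ldaps://i12bretro.local:636/DC=i12bretro,DC=local?sAMAccountName?sub?(objectClass=user)" SSL
    AuthLDAPBindDN "readonly_svc@i12bretro.local"

    # exec: runs the named program and uses the first line it prints as the
    # bind password (httpd 2.4.5 and later), keeping the literal password out
    # of httpd.conf. The program path is a placeholder.
    AuthLDAPBindPassword "exec:C:/path/to/print-bind-password.bat"
    LDAPReferrals Off

    # to authenticate a domain group, specify the full DN
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=WebAuthAccess,CN=Users,DC=i12bretro,DC=local
</Location>
```

Restrict read access on httpd.conf and on the password program to the account that runs the Apache service.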