Hi John,
"Milburn, John A." wrote on 15/04/2005 07:18:37:
This worked for Windows 2000. It also worked for Windows 2003 if
the search base was not the root of the domain.
I found that if you authenticate against a Global Catalogue, it
works for both.
#Directory for Hobbit maintenance
ScriptAlias /hobbit-seccgi/ "/usr/local/hobbit/cgi-secure/"
<Directory /usr/local/hobbit/cgi-secure>
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all
AuthAuthoritative On
AuthLDAPCompareDNOnServer on
AuthLDAPURL ldap://gc1.mydomain.com:3268/DC=mydomain,DC=com?
sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN CN=HobbitUser,CN=Users,DC=mydomain,DC=com
AuthLDAPBindPassword HobbitUserPassword
AuthType Basic
AuthName "Enter your Windows logon name/Password"
require group CN=HobbitManagers,OU=Managers,DC=mydomain,DC=com
</Directory>
Setting "AuthAuthoritative Off" should allow other modules to
authenticate users if ldap fails. I haven't tried this yet.
I've modified this to match my own AD configuration, but I'm still not
having any luck :-(
My apache install includes the ldap_module.so and auth_ldap_module.so files
- should these work OK by themselves, or do I need to install further
OpenLDAP libraries? Running ldd on these files doesn't indicate any
special requirements.
From: Taylor, Robert [mailto:user-3e97fc7d80fd@xymon.invalid]
Sent: Monday, April 04, 2005 7:36 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: RE: [hobbit] securing access
There was a post a few days back with an LDAP configuration. I was
able to change a few things around a get that to work with our MS
Active Directory to validate usernames/passwords for access on a RH
EL 3.0 box.
Here is the config for my Apache server. It effectively let’s
anyone access from the internal 10.x.x.x network and then requires
a valid username/password for anyone accessing via the Web.
<Directory "/var/www/html">
AllowOverride None
Order Deny,Allow
AuthType Basic
AuthName "<Something to display in dialog>"
AuthzLDAPEngine on
AuthzLDAPServer <IP Address of LDAP Server>:389
AuthzLDAPUserKey sAMAccountName
AuthzLDAPBindDN <valid LDAP Username for binding to server>
AuthzLDAPBindPassword <LDAP password for username above>
AuthzLDAPUserBase dc=<something>,dc=<something .com, .local,
.net etc…>
AuthzLDAPUserScope subtree
Deny from all
Satisfy any
Require valid-user
Allow from 10.
</Directory>
Standard disclaimer would be that I am no Apache expert and this
took me FOREVER to get working right, but it seems to be okay now.
Robert
From:David Garaway [mailto:user-4528dbd32b26@xymon.invalid]
Sent: Monday, April 04, 2005 3:29 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: [hobbit] securing access
Does anyone know how to lock the whole hobbit page down? I have a
friend that would like to be able to get to the page from anywhere
but wants something like htaccess. Before I started mucking around
with apache to try to get this working I thought I would see if
anyone has done this.
Thanks,
Dave
#####################################################################################
This email is intended for the person to whom it is addressed
only. If you are not the intended recipient, do not read, copy
or use the contents in any way. The opinions expressed may not
necessarily reflect those of ZESPRI Group of Companies ('ZESPRI').
While every effort has been made to verify the information
contained herein, ZESPRI does not make any representations
as to the accuracy of the information or to the performance
of any data, information or the products mentioned herein.
ZESPRI will not accept liability for any losses, damage or
consequence, however, resulting directly or indirectly from
the use of this e-mail/attachments.
#####################################################################################