Xymon Mailing List Archive

Password Protected Areas?

list Wiskbroom
Thu, 19 Nov 2009 09:15:44 -0500
Message-Id: <user-677058c14f0f@xymon.invalid>

Thanks Matt, can't wait to try this out!

Here is our configuration in /etc/httpd/conf.d/hobbit-apache.conf
that allows us to authenticate against AD. Took a lot of searching
to find the solution, which was pretty obscure, so hopefully this helps.
I've removed the default comments, so you may want to put them back
or have your own.


Note the "AuthzLDAPAuthoritative Off" ... that was the kicker in getting it all to play nice.


    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthBasicProvider ldap
    AuthGroupFile
    AuthLDAPURL "ldap:///dc=example,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthName "Xymon Admin - Use your Windoze password"
    AuthzLDAPAuthoritative off
    Require valid-user
    Require group
    AuthLDAPBindDN "CN=_,OU=,OU=,DC=example,DC=domain,DC=com"
    AuthLDAPBindPassword ""


Unix System Administrator
Computer Science Corporation
General Dynamics Land Systems
XXXXX Mound Rd.
Sterling Heights, MI. 48310
Desk: (XXX) XXX-XXXX
Oracle IM: moldvanm



RE: [hobbit] Password Protected Areas?
wiskbroom to: hobbit
11/13/2009 08:13 AM
Please respond to hobbit

Thank you Henrik!

To: user-ae9b8668bcde@xymon.invalid
From: user-ce4a2c883f75@xymon.invalid
Date: Fri, 13 Nov 2009 09:34:00 +0000
Subject: Re: [hobbit] Password Protected Areas?
In
writes:
Really? You know of a way in which I can auth against AD and based on page/pages in apache?

Pages and subpages are just physical directories below ~hobbit/server/www/ so you can set up standard Apache "" definitions to impose access restrictions.

As for authenticating against an AD, you must use the Apache mod_auth_ldap module. If you google "apache auth active directory" it should give you some hints.

Regards,
Henrik
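
The per-directory restriction discussed in this thread, as an added example that is not part of the original messages: an Apache 2.4 block (mod_authnz_ldap, mod_ldap and mod_ssl loaded) that limits one Xymon page directory to members of a single AD group. The directory path, AD host name, bind account, group DN, CA file and password value are placeholder assumptions; `AuthzLDAPAuthoritative` is omitted because the directive no longer exists in 2.4.

```apache
# Added example, not from the thread. All names below are placeholders.

# Server-config scope: trust the CA that issued the AD server certificate
# and refuse LDAPS connections whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert On

# A page directory below the Xymon www root (placeholder path).
<Directory "/home/hobbit/server/www/private">
    AllowOverride None
    Options ExecCGI Includes

    # Basic auth sends the AD password on every request, so refuse
    # any request for this directory that did not arrive over TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Xymon Admin"
    AuthBasicProvider ldap

    # ldaps:// encrypts both the service-account bind and the user bind.
    # The filter is narrowed from (objectClass=*) to user objects only.
    AuthLDAPURL "ldaps://ad.example.domain.com/dc=example,dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)"

    # Dedicated read-only service account. This file holds its password
    # in clear text, so keep it owned by root and not world-readable.
    AuthLDAPBindDN "CN=svc_xymon,OU=Service Accounts,DC=example,DC=domain,DC=com"
    AuthLDAPBindPassword "REPLACE_WITH_BIND_PASSWORD"

    # Only this group gets in. Adding "Require valid-user" next to it
    # would admit every account that can authenticate, because bare
    # Require lines are combined as "any of" rather than "all of".
    Require ldap-group CN=Xymon-Admins,OU=Groups,DC=example,DC=domain,DC=com
</Directory>
```

Run `apachectl configtest` after editing, then confirm that an AD account outside the group receives a 401 for this directory.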