Apache AD and file authentication on same directory

So I have a directory that I want password protected on apache. Some of my users have Active Directory accounts and others who are not affiliated with our company do not so I needed to be able to use LDAP/AD authentication for some users and file authentication for others.

Here is mu authentication options I can add to either a Location directive or a Directory directive.

AuthBasicProvider file ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthUserFile /etc/httpd/conf/apache.users
AuthName “Restricted Access”
AuthLDAPURL “ldap://domaincontroller.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)” NONE
AuthLDAPBindDN “adbindaccount@example.com”
AuthLDAPBindPassword “bindaccountpassword”
Require valid-user

The file option for the AuthBasicProvider lets Apache know to check the apache.users file for usernames and passwords.  The ldap option tells Apache to check the LDAP  source for usernames and passwords.  The AuthzLDAPAuthoritative off is set so that if and LDAP authentication fails, then Apache falls through to check the file apache.users. Finally the require valid-user means any user in either location will have access to the directory.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s