Apache 2 - LDAP / Active Directory - automatic authorization / authentication process

Is there a fully automatic way to authenticate a user using IE8 + with Apache without , when the user must enter any credentials? Running IIS is actually not an option, even if I start Windows.

I found some Perl-based solutions that should work, but I could make it work only on * Nix with a lot of confusion.

I am currently using authnz_ldap_module, which works great, but users are very confused and annoyed that they need to enter their user ID and password for every new session that they open.

Any ideas?

+6
source share
1 answer

I had the same problem today, after I received the mod_authnz_ldap module.

From my research so far, I understand that you cannot make seamless signals with the mod_authnz_ldap module, and instead you will have to use mod_auth_sspi. I tried this and it seems to work as expected (in Internet Explorer anyway - you can also configure Firefox to pass through the network.automatic-ntlm-auth.trusted-uris key change).

Here are the steps:

  • Download the mod_auth_sspi module from http://sourceforge.net/projects/mod-auth-sspi/
  • In the bin folder in the zip folder, copy the mod_auth_sspi.so file to the folder with the apache folders.
  • In the bin folder in the zip folder, copy the sspipkgs.exe file to the folder with the apache folder.
  • Edit httpd.conf so that something like this is configured in the Directory:
Alias /secure "C:/Secure" <Directory "C:/Secure"> Order deny,allow Allow from all AuthType SSPI SSPIAuth On SSPIOfferBasic on SSPIBasicPreferred On SSPIAuthoritative Off AuthName "Login" SSPIDomain dc.domain Require valid-user </Directory> 

Now restart Apache.

Unfortunately, after all this, this does not work for me as a solution, since I have several LDAP servers for authentication, but I hope this helps you.

+11
source

Source: https://habr.com/ru/post/912930/


All Articles