How to Configure Apache/ActiveDirectory Authentication Authentication User ID Data to Search ActiveDirectory

Asked 1 years ago, Updated 1 years ago, 59 views

I use Apache for a certain application at work, and
Authentication needed to be authenticated using ActiveDirectory information.

environment
Server A: Apache 2.4/Web Application
Server B: Active Directory

Assumed Specifications
Users can access the web application with a browser
When the authentication dialog appears and you enter your user ID and password,
Apache can contact ActiveDirectory to authenticate and log in to the web application.

If the above is the only one, for example, 

AuthLDAPUrl "ldap://hogesv01:389/OU=person, dc=homedomain, dc=jp?userPrincipalName?sub?(objectClass=*)"
AuthLDAPBindDN [email protected]
AuthLDAPBindPassword userhoge Password
Require ldap-attribute objectClass=person

I think it is possible to set up authentication with an apache configuration like the one shown in

The problem this time is
Users have the requirement to enter a username without a domain.
For example, if userPrincipalName is [email protected],
Users only specify user01 by their login ID.


Authenticate users in Apache settings. Go search ActiveDirectory by matching the user ID forward and
I need to be able to perform authentication with userPrincipalName.
Is such a configuration method possible with apache?

I did a lot of research, but I didn't know how to do it, so
Are there any good ways or ideas?

Changing ActiveDirectory itself is a third party management server, so
I want to do something with Apache settings.

image
User →→ [Enter user01]→→→ Apache→→→ [Search [email protected]] → ActiveDirectory
Ap I want to process values entered by users in Apache and go search Active Directory

If you have any ideas/knowledge, could you please let me know?

windows apache openldap ldap

2022-09-30 19:51

1 Answers

sAMAccountName (user logon name prior to Windows 2000).

AuthLDAPUrl "ldap://hogesv01:389/OU=person, dc=homedomain, dc=jp?sAMAccountName?sub?(objectClass=*)"

Note:

I have a requirement that I really want to use userPrincipalName.
Also,
This is a request to search the userPrincipalName of ActiveDirectry for a forward match of the ID entered from the browser...

This is difficult with Apache's mod_authnz_ldap, so consider one of the following:

To search forward, I think the logic is as follows:

Apache's mod_authnz_ldap is a difficult reason, but this module searches like (attribute=entered username), so it has to match exactly.

Example:

  • If the attribute you set in AuthLDAPUrl is userPrincipalName and the search filter is (objectClass=*)
  • and if the user entered is Kumamon
  • Search Filter=(&(objectClass=*)(userPrincipalName=Kumamon)).

2022-09-30 19:51

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

928 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

490 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

520 Scrap text information after the "View More" button when searching in the Yahoo! News search window

522 Who developed the "avformat-59.dll" that comes with FFmpeg?

514 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

© 2024 OneMinuteCode. All rights reserved.