Server Details

Windows server 2003

Apache 2.2.10

Client certificate installed using certificate services server.

I exported the certificate and copied it to c:\ldap\ldap.cer

I reference the certificate in the httpd.conf file below.

Objective for Intranet site

Authenticate clients upon arrival at protected web pages.

Authentication must be given only to members of a particular group, the "Web" group.

Authentication Method: authnz_ldap_module for Apache.

Use SSL to encrypt the authentication session, via mod_ldap.so.

#LDAPTrustedClientCert c:\ldap\ldap.cer

<Directory D:\web\vipintranet\data\Departments\LLUMC-Departments\Information-Services\Staff-Corner>

AuthType Basic
AuthName "Web"
AuthBasicProvider ldap
AuthLDAPBindDN w...@mc.ad.ll.org
AuthLDAPBindPassword 1Apache*

AuthLDAPURL "ldap://ActiveDirectory:389/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"
AuthLDAPURL "ldaps://ActiveDirectory:636/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=*)"

require ldap-attribute objectClass=user
# When I use the above directive I can authenticate to the LDAP server,
# however other users can authenticate that should not be able to see the
# content.

#Require ldap-group cn=Web, ou=Web Groups, ou=Global Security Groups, dc=mc, dc=ad, dc=ll, dc=org
# When I use the directive above I cannot authenticate at all. This is
# the error I receive:
# [Thu May 07 10:33:29 2009] [error] [client 192.168.0.70] File does not exist:

</Directory>

 

Thanks for your help.

 

 

LDAP server: Windows server 2003 SP2 Active Directory
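A configuration that matches the stated objective (LDAPS to the directory, access limited to the "Web" group), written for Apache 2.2 as an added example that is not part of the original post. The host name, base DN, group DN and directory path are taken from the post; the bind account and password are placeholders, and mod_ssl is assumed to be loaded for SSLRequireSSL.

```apache
# Added example, not the poster's configuration.
# Assumption: this Windows build of mod_ldap uses the Microsoft LDAP SDK, for
# which the mod_ldap documentation says SSL/TLS is configured in Windows itself
# and no LDAPTrusted* directive is required. The CA that issued the domain
# controller's certificate must be trusted by the machine running Apache.

<Directory "D:/web/vipintranet/data/Departments/LLUMC-Departments/Information-Services/Staff-Corner">
    # Basic auth sends the user's password from browser to Apache on every
    # request. ldaps:// only protects the Apache-to-directory leg, so the
    # page itself must also be served over HTTPS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Web"
    AuthBasicProvider ldap

    # A single AuthLDAPURL, using ldaps:// so neither the service bind nor
    # the user's bind crosses the network in clear text. The filter limits
    # the search to user objects.
    AuthLDAPURL "ldaps://ActiveDirectory:636/DC=mc,DC=ad,DC=ll,DC=org?sAMAccountName?sub?(objectClass=user)"

    # Placeholders: a dedicated, low-privilege bind account.
    AuthLDAPBindDN "BIND_ACCOUNT_PLACEHOLDER"
    AuthLDAPBindPassword "BIND_PASSWORD_PLACEHOLDER"

    # Too broad for this objective: every Active Directory user account has
    # objectClass=user, so this admits anyone who can authenticate.
    #Require ldap-attribute objectClass=user

    # Authorization by group. Apache 2.2 compares the authenticated user's DN
    # with the values of the group's "member" attribute, so only direct
    # members of the group match. The DN is not quoted.
    AuthzLDAPAuthoritative on
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require ldap-group CN=Web,OU=Web Groups,OU=Global Security Groups,DC=mc,DC=ad,DC=ll,DC=org
</Directory>
```

Because httpd.conf now holds the bind password, restrict read access on the file to administrators and the account Apache runs under.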