Environment: SLES 15 SP4, fully patched, uses SSSD to successfully log on to
the host as an Active Directory account

Apache version (as compiled / implemented by SuSE)

Server version: Apache/2.4.51 (Linux/SUSE)
Server built:   2023-03-10 12:56:22.000000000 +0000
Server's Module Magic Number: 20120211:118
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)

My issue: I can successfully log on to the SLES host using an Active Directory
account.

I can bring up the contents of the "index.html" web page through Apache.

But...    For the life of me I cannot get Apache to use Active Directory to 
secure that web page.


We are taking this setup from a working Apache server that runs on AIX that
can authenticate with AD.

What should happen is that when the connection request comes in, before any 
data is displayed, there should be a prompt for the AD account and password.  
It works with AIX and Apache.  The version of Apache that is on the AIX host:

Server version: Apache/2.4.28 (Unix)
Server built:   Oct 18 2017 12:41:23
Server's Module Magic Number: 20120211:68
Server loaded:  APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture:   32-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)

Comparing the original httpd.conf to what I'm running:

diff httpd.conf_original httpd.conf
147a148,149
> Include /etc/apache2/ldap_connection.conf
>

The file ldap_connection.conf has the contents of:

LDAPSharedCacheSize 500000
LDAPCacheEntries  1024
LDAPCacheTTL   600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL  600
LDAPConnectionTimeout  5
#
LDAPLibraryDebug 7

The vhost.conf that I'm using:

# This is the SLES host I'm working on
<VirtualHost 10.2.16.120:80>
    DocumentRoot /etc/apache2/conf.d
</VirtualHost>
<VirtualHost 10.2.16.120:80>
 DocumentRoot "/var/mnt/aixhost_docs/docs"
 ServerName nbendev8
 ServerAlias nbendev8.our_domain
 ServerAdmin Org-IS_SE_ES@our_email_domain
 ErrorLog /var/mnt/aixhost_docs/logs/nbendev8_error.log
 CustomLog /var/mnt/aixhost_docs/logs/nbendev8_access.log common
 LogLevel  debug

 <Directory "/var/mnt/aixhost_docs/docs">
  AuthName "Enter Windows Userid/Password"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN xxx_yyy_zzz@out_domain
  # I've tested logon to the SLES host from the console with that AD account and it works.
  AuthLDAPBindPassword password_for_above BindDN
  AuthBasicAuthoritative on
  Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
  Options Indexes FollowSymLinks
  # I've tried using "none" and it didn't make a difference
  AllowOverride AuthConfig
  Require all granted
 </Directory>
</VirtualHost>

If anyone has an idea of what I could look for or maybe an example of a working
Apache/Linux (or SLES)/ActiveDirectory, it would be much appreciated.

I would include some logs but there isn't any useful information in them.

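
Added example (not part of the original message, and not the poster's or SUSE's own configuration): in Apache 2.4, several bare Require lines in one section are treated as an implicit <RequireAny>, so the posted "Require all granted" admits every request and the LDAP group rule never has to trigger a login prompt. The block below reuses the posted directives with the group as the only authorization rule; it assumes mod_ldap and mod_authnz_ldap are loaded, and the bind password is a placeholder.

```apache
# Added example. Values are copied from the posted vhost.conf except the
# bind password, which is a placeholder (assumption).

# Authorization lines as posted. With no enclosing container these two
# behave as:
#   <RequireAny>
#     Require ldap-group cn=http-users-bendev1,...
#     Require all granted      <- matches every request, no user needed
#   </RequireAny>
# so access is granted before authentication is ever requested.

<Directory "/var/mnt/aixhost_docs/docs">
  Options Indexes FollowSymLinks
  AllowOverride AuthConfig

  # Authentication: HTTP Basic, credentials checked against AD over LDAP.
  AuthName "Enter Windows Userid/Password"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN "xxx_yyy_zzz@out_domain"
  AuthLDAPBindPassword "BIND_PASSWORD_PLACEHOLDER"

  # Authorization: group membership is the only rule. "Require all granted"
  # is removed so that an unauthenticated request gets a 401 challenge.
  Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
</Directory>
```

Basic authentication on port 80 and a simple bind to ldap:// on port 389 both carry the password unencrypted. mod_authnz_ldap accepts an ldaps:// URL or a STARTTLS argument after the AuthLDAPURL value.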