Environment: SLES 15 SP4, fully patched, uses SSSD to successfully logon to the host as an Active Directory account

Apache version (as compiled / implemented by SuSE):

    Server version: Apache/2.4.51 (Linux/SUSE)
    Server built: 2023-03-10 12:56:22.000000000 +0000
    Server's Module Magic Number: 20120211:118
    Server loaded: APR 1.6.3, APR-UTIL 1.6.1
    Compiled using: APR 1.6.3, APR-UTIL 1.6.1
    Architecture: 64-bit
    Server MPM: prefork
      threaded: no
      forked: yes (variable process count)

My issue: I can successfully logon to the SLES host using an Active Directory account. I can bring up the contents of the "index.html" web page through Apache. But... For the life of me I cannot get Apache to use Active Directory to secure that web page.

We are taking this set up from a working Apache server that runs on AIX that can authenticate with AD. What should happen is that when the connection request comes in, before any data is displayed, there should be a prompt for the AD account and password. It works with AIX and Apache.

The version of Apache that is on the AIX host:

    Server version: Apache/2.4.28 (Unix)
    Server built: Oct 18 2017 12:41:23
    Server's Module Magic Number: 20120211:68
    Server loaded: APR 1.6.2, APR-UTIL 1.6.0
    Compiled using: APR 1.6.2, APR-UTIL 1.6.0
    Architecture: 32-bit
    Server MPM: worker
      threaded: yes (fixed thread count)
      forked: yes (variable process count)

Comparing the original httpd.conf to what I'm running:

    diff httpd.conf_original httpd.conf
    147a148,149
    > Include /etc/apache2/ldap_connection.conf
    >

The file ldap_connection.conf has the contents of:

    LDAPSharedCacheSize 500000
    LDAPCacheEntries 1024
    LDAPCacheTTL 600
    LDAPOpCacheEntries 1024
    LDAPOpCacheTTL 600
    LDAPConnectionTimeout 5
    # LDAPLibraryDebug 7

The vhost.conf that I'm using:

    <VirtualHost 10.2.16.120:80>    This is the SLES host I'm working on
        DocumentRoot /etc/apache2/conf.d
    </VirtualHost>

    <VirtualHost 10.2.16.120:80>
        DocumentRoot "/var/mnt/aixhost_docs/docs"
        ServerName nbendev8
        ServerAlias nbendev8.our_domain
        ServerAdmin Org-IS_SE_ES@our_email_domain
        ErrorLog /var/mnt/aixhost_docs/logs/nbendev8_error.log
        CustomLog /var/mnt/aixhost_docs/logs/nbendev8_access.log common
        LogLevel debug
        <Directory "/var/mnt/aixhost_docs/docs">
            AuthName "Enter Windows Userid/Password"
            AuthType Basic
            AuthBasicProvider ldap
            AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
            AuthLDAPBindDN xxx_yyy_zzz@out_domain
            AuthLDAPBindPassword password_for_above BindDN I've tested logon to the SLES host from the console with that AD account and it works.
            AuthBasicAuthoritative on
            Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
            Options Indexes FollowSymLinks
            AllowOverride AuthConfig    << I've tried using "none" and it didn't make a difference
            Require all granted
        </Directory>
    </VirtualHost>

If anyone has an idea of what I could look for or maybe an example of a working Apache/Linux (or SLES)/ActiveDirectory it would be much appreciated. I would include some logs but there isn't any useful information in them.
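
Added example, not part of the original post or of Apache: in Apache 2.4, several `Require` lines placed directly in one section are evaluated as an implicit `<RequireAny>`, so a `Require all granted` beside a `Require ldap-group` authorizes every request and no Basic-auth prompt is issued. The Python check below flags that pattern in a config; the sample config, its placeholder group DN and the helper name `find_open_grants` are assumptions made for the illustration.

```python
import re

# Constructed sample: authorization-relevant lines in the shape of the
# <Directory> block from the post; the group DN is a placeholder.
SAMPLE = """\
<VirtualHost 10.2.16.120:80>
  <Directory "/var/mnt/aixhost_docs/docs">
    AuthType Basic
    AuthBasicProvider ldap
    Require ldap-group cn=placeholder-group,dc=example,dc=org
    Options Indexes FollowSymLinks
    Require all granted
  </Directory>
</VirtualHost>
"""

# Same block with the unconditional grant removed.
FIXED = SAMPLE.replace("    Require all granted\n", "")

OPEN = re.compile(r"<\s*(\w+)([^>]*)>$")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>$")
ALL_MUST_MATCH = {"requireall", "requirenone"}  # containers that are not "any one is enough"

def find_open_grants(conf):
    """Return (section, shadowed_rules) for every section where a
    'Require all granted' sits in the same any-of group as other rules."""
    findings, stack = [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line) and stack:
            # Section ends: evaluate the Require lines collected directly in it.
            kind, label, rules = stack.pop()
            granted = [r for r in rules if r.lower().split() == ["all", "granted"]]
            others = [r for r in rules if r not in granted]
            if kind not in ALL_MUST_MATCH and granted and others:
                findings.append((label, others))
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), line, []))
        elif line.lower().startswith("require ") and stack:
            stack[-1][2].append(line.split(None, 1)[1])
    return findings
```

A non-empty result names the section and the `Require` rules that the unconditional grant makes ineffective.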