Editing ActiveDirectory
This is a short HOWTO for setting up Apache and OpenLDAP to authenticate users against Microsoft's !ActiveDirectory. Optionally, you can secure the LDAP connection with SSL; we use OpenSSL for that.[[BR]]
It should give you an idea of how to set up your Apache configuration.

We assume that
 * your AD domain is called `MYDOM`
 * you have a user called `MYUSER` that has read access to `sAMAccountName`
 * your DC has the name `mydc.example.org`
 * your base DN is `DC=mydom,DC=example,DC=org`

=== Apache 2.0.x with [http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html mod_auth_ldap] ===

You need to have `mod_ldap.so` and `mod_auth_ldap.so` compiled. To do so, compile Apache with
{{{
./configure --enable-ldap=shared --enable-auth-ldap=shared --with-ldap \
    --with-ldap-include=</path/to/your/openldap/installation>/include \
    --with-ldap-lib=</path/to/your/openldap/installation>/lib
}}}

Of course, you'll have to provide more options to `configure`.[[BR]]
Build and install Apache the usual way.[[BR]]
Make sure you have both `mod_ldap.so` and `mod_auth_ldap.so` in Apache's modules directory.

Now for the `httpd.conf`:
{{{
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
[...]
# <Location> matches the URL path, i.e. the same value as TracUriRoot below
<Location /url/path/to/your/trac-env>
    AuthType Basic
    AuthLDAPEnabled on
    AuthLDAPAuthoritative on
    # Account used to search the directory; it only needs read access to sAMAccountName
    AuthLDAPBindDN "MYDOM\\MYUSER"
    AuthLDAPBindPassword apassword
    # ldap:// on port 389 is unencrypted; see the next section for LDAP over SSL
    AuthLDAPUrl ldap://mydc.example.org:389/DC=mydom,DC=example,DC=org?sAMAccountName
    AuthName "Authorization required"
    require valid-user
    SetHandler mod_python
    PythonHandler trac.web.modpython_frontend
    PythonOption TracEnv /physical/path/to/your/trac-env
    PythonOption TracUriRoot /url/path/to/your/trac-env
</Location>
}}}

=== Apache 2.2.x with [http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html mod_authnz_ldap] and LDAP over SSL ===

You need to have `mod_ldap.so` and `mod_authnz_ldap.so` compiled. To do so, compile Apache with
{{{
# Build mod_ldap and mod_authnz_ldap as shared modules
# (mod_authnz_ldap replaces mod_auth_ldap in Apache 2.2)
./configure --enable-ldap=shared --enable-authnz-ldap=shared --with-ldap \
    --with-ldap-include=</path/to/your/openldap/installation>/include \
    --with-ldap-lib=</path/to/your/openldap/installation>/lib
}}}

Of course, you'll have to provide more options to `configure`.[[BR]]
Build and install Apache the usual way.[[BR]]
Make sure you have both `mod_ldap.so` and `mod_authnz_ldap.so` in Apache's modules directory.[[BR]]
Also make sure that your OpenLDAP has SSL support built in.[[BR]]
Get the root certificate for your DC. In this example, it is BASE64 encoded (hence `CA_BASE64` below).

Now for the `httpd.conf`:
{{{
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
[...]
# Root certificate of the DC, used to verify the ldaps:// connection
LDAPTrustedGlobalCert CA_BASE64 certs/ca_dc.cer
[...]
# <Location> matches the URL path, i.e. the same value as TracUriRoot below
<Location /url/path/to/your/trac-env>
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthUserFile /dev/null
    # Account used to search the directory; it only needs read access to sAMAccountName
    AuthLDAPBindDN "MYDOM\\MYUSER"
    AuthLDAPBindPassword apassword
    AuthLDAPUrl ldaps://mydc.example.org:636/DC=mydom,DC=example,DC=org?sAMAccountName
    AuthName "Authorization required"
    require valid-user
    SetHandler mod_python
    PythonHandler trac.web.modpython_frontend
    PythonOption TracEnv /physical/path/to/your/trac-env
    PythonOption TracUriRoot /url/path/to/your/trac-env
</Location>
}}}

Have fun!
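
The following check is an added example, not part of the original HOWTO or of Trac: a small Python script that parses the `AuthLDAPUrl` of an `httpd.conf` excerpt and flags the points that differ between the plain and the SSL setup above. The finding codes, the function names and the two sample excerpts (constructed from the configurations on this page) are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Constructed excerpts of the two httpd.conf variants described on this page.
CONF_PLAIN = r'''
AuthLDAPBindDN "MYDOM\\MYUSER"
AuthLDAPBindPassword apassword
AuthLDAPUrl ldap://mydc.example.org:389/DC=mydom,DC=example,DC=org?sAMAccountName
'''
CONF_SSL = r'''
LDAPTrustedGlobalCert CA_BASE64 certs/ca_dc.cer
<Location /url/path/to/your/trac-env>
AuthLDAPBindDN "MYDOM\\MYUSER"
AuthLDAPBindPassword apassword
AuthLDAPUrl ldaps://mydc.example.org:636/DC=mydom,DC=example,DC=org?sAMAccountName
</Location>
'''

def directives(conf):
    """Yield (lowercased name, args) per directive; skip blanks, comments, <Section> tags."""
    for line in map(str.strip, conf.splitlines()):
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            yield name.lower(), args

def audit(conf):
    """Return (parsed AuthLDAPUrl fields, list of finding codes) for one config excerpt."""
    seen = {}
    for name, args in directives(conf):
        seen.setdefault(name, args)
    if not seen.get("authldapurl"):
        return None, ["no-authldapurl"]
    url, *mode = seen["authldapurl"]
    u = urlsplit(url)
    port = u.port or (636 if u.scheme == "ldaps" else 389)
    # Apache 2.2 accepts an optional mode after the URL: NONE|SSL|TLS|STARTTLS.
    encrypted = u.scheme == "ldaps" or (bool(mode) and mode[0].upper() in ("SSL", "TLS", "STARTTLS"))
    findings = []
    if not encrypted:  # bind password and user passwords reach the DC unencrypted
        findings.append("cleartext-ldap")
    if (u.scheme == "ldaps" and port == 389) or (not encrypted and port == 636):
        findings.append("scheme-port-mismatch")
    if encrypted and "ldaptrustedglobalcert" not in seen:  # CA must then be trusted elsewhere
        findings.append("no-ldaptrustedglobalcert")
    if "authldapbindpassword" in seen:  # cleartext secret: restrict read access to the file
        findings.append("bind-password-in-file")
    fields = {"scheme": u.scheme, "host": u.hostname, "port": port,
              "base_dn": u.path.lstrip("/"), "attribute": u.query.split("?")[0]}
    return fields, findings

if __name__ == "__main__":
    for label, conf in (("plain", CONF_PLAIN), ("ssl", CONF_SSL)):
        print(label, *audit(conf))
```

The script only reads the mode argument of `AuthLDAPUrl`; encryption configured elsewhere in the server configuration is not taken into account.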