Apache 2 - LDAP/Active Directory - Automatic login/authentication process
I've been having the same problem myself today after eventually getting the mod_authnz_ldap
module to work.
From my research thus far, I gather you can't do seamless signon with the mod_authnz_ldap
module and you'll have to use mod_auth_sspi
instead. I've tried this out and it seems to work as expected (on Internet Explorer anyway - you can also configure Firefox to pass through by modifying the network.automatic-ntlm-auth.trusted-uris
key).
Here's the steps:
- Download the mod_auth_sspi module from http://sourceforge.net/projects/mod-auth-sspi/
- From the zip file's bin folder, copy mod_auth_sspi.so to your apache modules folder
- From the zip file's bin folder, copy sspipkgs.exe to your apache bin folder
- Edit httpd.conf so that the Directory is configured something like this:
Alias /secure "C:/Secure" <Directory "C:/Secure"> Order deny,allow Allow from all AuthType SSPI SSPIAuth On SSPIOfferBasic on SSPIBasicPreferred On SSPIAuthoritative Off AuthName "Login" SSPIDomain dc.domain Require valid-user </Directory>
Now restart Apache.
Unfortunately, after all that it's no good for me as a solution as I have multiple LDAP servers to authenticate against, but hopefully this will help you.