Could use some advice on what I'm doing wrong with securing Apache server

Environment:  SLES 15 SP4, fully patched, uses SSSD to successfully log on to the host as an Active Directory account

Apache version (as compiled / implemented by SuSE)

Server version: Apache/2.4.51 (Linux/SUSE)
Server built:   2023-03-10 12:56:22.000000000 +0000
Server's Module Magic Number: 20120211:118
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)

My issue:  I can successfully log on to the SLES host using an Active Directory account.

I can bring up the contents of the "index.html" web page through Apache.

But... for the life of me, I cannot get Apache to use Active Directory to secure that web page.


We are taking this setup from a working Apache server that runs on AIX and can authenticate with AD.

What should happen is that when the connection request comes in, before any data is displayed, there should be a prompt for the AD account and password.  It works with AIX and Apache.  The version of Apache that is on the AIX host:

Server version: Apache/2.4.28 (Unix)
Server built:   Oct 18 2017 12:41:23
Server's Module Magic Number: 20120211:68
Server loaded:  APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture:   32-bit
Server MPM:     worker
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)

Comparing the original httpd.conf to what I'm running:

diff httpd.conf_original httpd.conf
147a148,149
> Include /etc/apache2/ldap_connection.conf
>

The file ldap_connection.conf has the contents of:

LDAPSharedCacheSize 500000
LDAPCacheEntries  1024
LDAPCacheTTL   600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL  600
LDAPConnectionTimeout  5
#
LDAPLibraryDebug 7

The vhost.conf that I'm using:

# This is the SLES host I'm working on
<VirtualHost 10.2.16.120:80>
    DocumentRoot /etc/apache2/conf.d
</VirtualHost>
<VirtualHost 10.2.16.120:80>
 DocumentRoot "/var/mnt/aixhost_docs/docs"
 ServerName nbendev8
 ServerAlias nbendev8.our_domain
 ServerAdmin Org-IS_SE_ES@our_email_domain
 ErrorLog /var/mnt/aixhost_docs/logs/nbendev8_error.log
 CustomLog /var/mnt/aixhost_docs/logs/nbendev8_access.log common
 LogLevel  debug

 <Directory "/var/mnt/aixhost_docs/docs">
  AuthName "Enter Windows Userid/Password"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN xxx_yyy_zzz@our_domain
  # I've tested logon to the SLES host from the console with that AD account and it works.
  AuthLDAPBindPassword password_for_above_BindDN
  AuthBasicAuthoritative on
  Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
  Options Indexes FollowSymLinks
  # I've tried using "none" and it didn't make a difference
  AllowOverride AuthConfig
  Require all granted
 </Directory>
</VirtualHost>

If anyone has an idea of what I could look for, or maybe an example of a working Apache/Linux (or SLES)/Active Directory setup, it would be much appreciated.

I would include some logs but there isn't any useful information in them.
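As an added example (not the poster's configuration and not SUSE's), here is a minimal vhost that authorizes by AD group membership through mod_authnz_ldap; the host name, paths, base DN, group DN and service account are assumed placeholders. The comments explain why a second Require directive next to the group check, and a DocumentRoot under /etc/apache2, both undo the protection.

```apache
# Added example, not the poster's configuration. Host names, paths, DNs and
# the group name are placeholders. On SLES the modules are enabled with
# "a2enmod ldap" and "a2enmod authnz_ldap" before this vhost is loaded.
<VirtualHost *:80>
    ServerName nbendev8.example.org

    # Never point DocumentRoot at a configuration directory such as
    # /etc/apache2/conf.d: every file in it, including the one holding
    # AuthLDAPBindPassword, would be served to anyone who can reach port 80.
    DocumentRoot "/srv/www/nbendev8/docs"
    ErrorLog  /var/log/apache2/nbendev8_error.log
    CustomLog /var/log/apache2/nbendev8_access.log common
    # debug makes mod_authnz_ldap log each search, bind and group check;
    # drop back to warn once it works.
    LogLevel debug

    <Directory "/srv/www/nbendev8/docs">
        AuthName "Enter Windows Userid/Password"
        AuthType Basic
        AuthBasicProvider ldap
        # Look the user up by sAMAccountName below a placeholder base DN.
        AuthLDAPURL "ldap://dc.example.org:389/dc=example,dc=org?sAMAccountName?sub?(objectClass=user)"
        # Unprivileged service account used only for the search bind.
        AuthLDAPBindDN "svc_httpd@example.org"
        AuthLDAPBindPassword "REPLACE_WITH_BIND_PASSWORD"
        # AD groups list members as DNs in the "member" attribute; these are
        # the module defaults, spelled out so the group check is explicit.
        AuthLDAPGroupAttribute member
        AuthLDAPGroupAttributeIsDN on

        # In Apache 2.4 several Require directives at the same level are
        # combined as an implicit <RequireAny>. Adding "Require all granted"
        # beside the group check satisfies authorization by itself, so every
        # visitor gets the page without a password prompt. Keep only the
        # group requirement (or wrap the rules in an explicit <RequireAll>).
        Require ldap-group cn=http-users,ou=Apache,dc=example,dc=org

        # No directory listings; nothing in .htaccess may change auth.
        Options FollowSymLinks
        AllowOverride None
    </Directory>
</VirtualHost>
```

Basic authentication sends the AD password with every request, so in production serve this over HTTPS and use ldaps:// (or LDAPTrustedMode TLS) towards the domain controller rather than plain port 389.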

