Re: Apache/2.2.8 authenticate LDAP AD SSL or TLS - ubuntu(debian)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Simon Walter wrote:
...


My questions is: Does anyone know of a document that describes what I need to make Apache authenticate via LDAP over SSL or TLS connecting to a MS AD server?

Greetings.

There are so many variations of authentication and so many misunderstandings in that domain, that I'd like to figure out first if you are not chasing the wrong rabbit. Can you describe a bit more what exactly is the issue you are trying to solve, overall ? I presume that what you mean above, is not that Apache itself would authenticate to an AD server for some internal Apache functional reason; but rather that Apache should authenticate /the client/ (browser) by means of a check with an AD server, right ?

Some specific questions in that direction :
- what are the clients which, ultimately, need to be authenticated ?
- how is the link between the Ubuntu Apache host, and the MS AD server ?
Is it a purely internal (and thus relatively secure) network link, or does it go through some insecure network section (like the Internet) ? - since an MS AD back-end system is involved, there is a good chance that what you ultimately want, is that the clients (browsers) would be authenticated via their MS Windows Domain user-id. Is that correct ? (Or do there exist clients, which need to access Apache-controlled resources, but which are NOT already logged-in in a Windows Domain ?) - do the users accept to have a login page the first time they access an Apache application, or do they expect not having to login, considering that they are already logged-in with their workstation in the Domain ?



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux