Apache LDAP Authentication How To

This lesson will show you how to install and configure Apache 2.2.x on Windows with LDAP Basic Authentication against Microsoft Active Directory

Install Apache 2.2.x

Download the latest Apache 2.2.x installer from http:://www.apache.org

Download the AUTH LDAP module for Apache 2.2 and also SUN C++ SDK

Download the SUN C++ SDK for Windows NT4 optimized version from the SUN SDK Website http://www.sun.com/download/products.xml?id=3ec28dbd
Download the version 3.11 of the pre compiled mod auth ldap dll from here http://muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html#directives Choose MS Windows binary v3.11 for Apache 2.2.2

Extract both zip files
Place the file mm_mod_auth_ldap.dll into the Apache modules Directory
Place the dlls from the SDK extracted zip file into the Apache Modules Directory

Open the Apache Httpd.conf file in your Favourite Text Editor


In order to control which URL requires LDAP authentication we use an Apache Location Directive

Add the Following to your httpd.conf and modify to fit your environment

All Values in the Screen Shot above with Red Arrows must be changed

# LDAP Stuff
LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.dll

LDAP_UseMemoryCache_G On
LDAP_HashTableSize_G 1024
LDAP_CacheTTL_G 5000
LDAP_Persistent_G On
SupportNestedGroups_G On

<Location /wordpress>
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthBasicProvider “mm_ldap”
#AuthLDAPAuthoritative Off
#AuthAuthoritative Off
#AuthOnBind On
#Sub_DN “ou=CIS,ou=People”
Bind_Tries 3
AuthName “Authorized imaginary staff only”
AuthType Basic
LDAP_Debug On
LDAP_Protocol_Version 3
LDAP_Connect_Timeout 1000
Base_DN “CN=Users,DC=sjdec,DC=local”
UID_Attr “sAMAccountName”
Bind_DN    “CN=Administrator,CN=Users,DC=sjdec,DC=local”
Bind_Pass “livelink”
require valid-user

Save the Httpd.conf and restart Apache

Test the Page in a Browser


Call the page defined by the Location Directive in a browser and a login popup should appear
Then Login with a LDAP User and Password

Use The Firefox Addon Live HTTP headers to check authentication


Install the Firefox Addon Live Http Headers and then repeat the login test above and view the HTTP response headers to check that authentication is working as expected
You should see the server issue an HTTP 401 when the page is called and then Basic Authorization being set once the user has logged in


One thought on “Apache LDAP Authentication How To

Comments are closed.