apache通过AD验证

## apache通过AD验证

#yum install httpd mod_authz_lda

#安装apahce的ldap模块

yum install mod_authz_ldap -y

#配置apache通过ldap进行认证

cp /etc/httpd/conf.d/authz_ldap.conf /etc/httpd/conf.d/authz_ldap.conf.bak$(date +%F)

egrep -v "#|^$" /etc/httpd/conf.d/authz_ldap.conf

#编辑配置

vim /etc/httpd/conf.d/authz_ldap.conf

LoadModule authz_ldap_module modules/mod_authz_ldap.so

lt;IfModule mod_authz_ldap.c>

#配置AD 的IP地址，认证用户、密码等

<Directory /var/www/html/ldap> #这里定义那个目录需要使用ldap模块认证
AuthzLDAPMethod ldap
AuthzLDAPAuthoritative on
AuthzLDAPServer 172.16.33.18
AuthzLDAPUserBase "OU=Tech,OU=users,DC=test,DC=cn"
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserScope subtree
AuthzLDAPBindDN "elven@test.cn"
AuthzLDAPBindPassword "test"
AuthType Basic 
AuthName "Test ldap"
require valid-user
</Directory>

</IfModule>

#启动

echo ServerName localhost:80 >>/etc/httpd/conf/httpd.conf #添加本机web 80端口

ervice httpd start

chkconfig --add httpd

chkconfig httpd o

#测试目录

mkdir /var/www/html/lda

echo "LDAP test">/var/www/html/ldap/index.html

#浏览器http://ip/lda