Home > apache 2.2 > Apache mod_auth_ldap and AD authentication using IE

Apache mod_auth_ldap and AD authentication using IE

April 1Hits:0

I want to know if it's possible to configure Apache for authentication against ActiveDirectory for users to use SIngle Sign-on. I know Internet Explorer can use it and it's called Windows Authentication.


IE's "Windows Authentication" is NTLM -- at least older versions. (I think that current "Windows Authentication" does negotiate). You would need mod_ntlm or mod_auth_ntlm_winbind for NTLMv2. I think that later versions of IE and windows can also do GSSAPI via negotiate, which would work using mod_auth_kerb. GSSAPI has the advantage that it can be made to work will all the major browsers and platforms.

Short answer - it's possible.

You can use authnz to accomplish this very task.


You'll need to create an unprivileged account for Apache to connect to AD to perform the authentication. It's possible to do things like conditionally allowing people access based on group memberships. In addition, you should be able to add the URL to trusted sites and have IE pass creds transparently so that there is no user interaction required to log in.

Related Articles

Copyright (C) 2018 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.422 s.