Mailing List Archive

Could use some advice on what I'm doing wrong with securing Apache server
Environment: SLES 15 SP4, fully patched, uses SSSD to successfully logon to the host as an Active Directory account

Apache version (as compiled / implemented by SuSE)

Server version: Apache/2.4.51 (Linux/SUSE)
Server built: 2023-03-10 12:56:22.000000000 +0000
Server's Module Magic Number: 20120211:118
Server loaded: APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)

My issue: I can successfully logon to the SLES host using an Active Directory account.

I can bring up the contents of the "index.html" web page through Apache.

But... For the life of me I cannot get Apache to use Active Directory to secure that web page.


We are taking this setup from a working Apache server that runs on AIX and can authenticate with AD.

What should happen is that when the connection request comes in, before any data is displayed, there should be a prompt for the AD account and password. It works with AIX and Apache. The version of Apache that is on the AIX host:

Server version: Apache/2.4.28 (Unix)
Server built: Oct 18 2017 12:41:23
Server's Module Magic Number: 20120211:68
Server loaded: APR 1.6.2, APR-UTIL 1.6.0
Compiled using: APR 1.6.2, APR-UTIL 1.6.0
Architecture: 32-bit
Server MPM: worker
threaded: yes (fixed thread count)
forked: yes (variable process count)

Comparing the original httpd.conf to what I'm running:

diff httpd.conf_original httpd.conf
147a148,149
> Include /etc/apache2/ldap_connection.conf
>
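Review bot: nothing in this hunk can produce the missing password prompt: the Include only pulls in mod_ldap cache, timeout and LDAPLibraryDebug tuning, while whether a request is authenticated is decided by the Require directives in the <Directory> block of vhost.conf. Drop LDAPLibraryDebug 7 from the included file once troubleshooting ends; it makes the LDAP SDK write verbose trace output to the error log.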

The file ldap_connection.conf has the contents of:

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
LDAPConnectionTimeout 5
#
LDAPLibraryDebug 7

The vhost.conf that I'm using:

# Default vhost for this IP:port (the first one listed serves requests whose Host matches no ServerName/ServerAlias)
<VirtualHost 10.2.16.120:80>
    # This is the SLES host I'm working on
    # Note: this DocumentRoot is the Apache configuration directory; whatever the
    # global <Directory> access rules allow is served from it as plain files,
    # vhost.conf with the bind password included.
    DocumentRoot /etc/apache2/conf.d
</VirtualHost>

<VirtualHost 10.2.16.120:80>
    DocumentRoot "/var/mnt/aixhost_docs/docs"
    ServerName nbendev8
    ServerAlias nbendev8.our_domain
    ServerAdmin Org-IS_SE_ES@our_email_domain
    ErrorLog /var/mnt/aixhost_docs/logs/nbendev8_error.log
    CustomLog /var/mnt/aixhost_docs/logs/nbendev8_access.log common
    LogLevel debug

    <Directory "/var/mnt/aixhost_docs/docs">
        AuthName "Enter Windows Userid/Password"
        AuthType Basic
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN xxx_yyy_zzz@out_domain
        # Password for the BindDN above. I've tested logon to the SLES host from
        # the console with that AD account and it works.
        AuthLDAPBindPassword password_for_above
        AuthBasicAuthoritative on
        Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
        Options Indexes FollowSymLinks
        # I've tried using "none" here and it didn't make a difference
        AllowOverride AuthConfig
        Require all granted
    </Directory>
</VirtualHost>

If anyone has an idea of what I could look for, or maybe an example of a working Apache/Linux (or SLES)/Active Directory configuration, it would be much appreciated.

I would include some logs but there isn't any useful information in them.
Re: Could use some advice on what I'm doing wrong with securing Apache server
That "Require all granted" effectively provides access regardless of authentication. Try removing this line, so only Require ldap-group applies.


On 1 May 2023 21:57:43 MESZ, Kent Wick <Kent.Wick@ers.texas.gov> wrote:
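The reply's diagnosis rests on how Apache 2.4 merges authorization: sibling Require lines in one section form an implicit <RequireAny>, so a bare "Require all granted" next to "Require ldap-group" authorizes every client and the Basic-auth challenge is never sent. As an added example, not code from the thread, here is a small Python check that flags that pattern; it runs over a constructed copy of the poster's <Directory> block with and without the offending line (the domain components, bind DN and password are placeholders), and it matches section names case-sensitively as written.

```python
import re

# Constructed sample (not the poster's exact file): the <Directory> block from the
# thread with the inline remarks removed and domain/bind values as placeholders.
BROKEN = """
<Directory "/var/mnt/aixhost_docs/docs">
    AuthName "Enter Windows Userid/Password"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://our_domain:389/dc=XX,dc=XX,dc=state,dc=tx,dc=us?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN BIND_DN_PLACEHOLDER
    AuthLDAPBindPassword PASSWORD_PLACEHOLDER
    Require ldap-group cn=http-users-bendev1,ou=Apache,ou=AIX-Servers,ou=Applications,dc=XX,dc=XX,dc=state,dc=tx,dc=us
    AllowOverride AuthConfig
    Require all granted
</Directory>
"""
# The reply's fix: drop the bare "Require all granted" so only ldap-group applies.
FIXED = "\n".join(l for l in BROKEN.splitlines() if "Require all granted" not in l)

SECTION_RE = re.compile(
    r"<(Directory|DirectoryMatch|Location|LocationMatch|Files|FilesMatch)\s+([^>]*)>(.*?)</\1>", re.S)
GROUP_OPEN = re.compile(r"^\s*<Require(All|Any|None)>\s*$", re.I)
GROUP_CLOSE = re.compile(r"^\s*</Require(All|Any|None)>\s*$", re.I)
ALL_GRANTED = re.compile(r"^\s*Require\s+all\s+granted\b", re.I)

def find_auth_bypass(config: str):
    """Return (section, line) pairs where a section that sets AuthType also has a
    'Require all granted' reached only through RequireAny containers (the section
    itself counts as one). Inside <RequireAll> it is harmless; <RequireNone> inverts it."""
    findings = []
    for m in SECTION_RE.finditer(config):
        section = f"<{m.group(1)} {m.group(2).strip()}>"
        body = m.group(3)
        if not re.search(r"^\s*AuthType\s", body, re.M | re.I):
            continue  # no authentication configured here, so nothing to bypass
        stack = []  # enclosing Require* containers, innermost last
        for line in body.splitlines():
            if (g := GROUP_OPEN.match(line)):
                stack.append(g.group(1).lower())
            elif GROUP_CLOSE.match(line) and stack:
                stack.pop()
            elif ALL_GRANTED.match(line) and all(s == "any" for s in stack):
                findings.append((section, line.strip()))
    return findings

if __name__ == "__main__":
    print("poster's block:", find_auth_bypass(BROKEN))  # one finding
    print("after the fix: ", find_auth_bypass(FIXED))   # []
```

Point the same function at the real vhost.conf text to confirm the section is clean after editing; a finding means anonymous clients are still authorized.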