apache通过AD验证

## apache通过AD验证

#yum install httpd mod_authz_ldap
#安装apahce的ldap模块
yum install mod_authz_ldap -y
#配置apache通过ldap进行认证
cp /etc/httpd/conf.d/authz_ldap.conf /etc/httpd/conf.d/authz_ldap.conf.bak$(date +%F)
egrep -v "#|^$" /etc/httpd/conf.d/authz_ldap.conf
#编辑配置
vim /etc/httpd/conf.d/authz_ldap.conf
LoadModule authz_ldap_module modules/mod_authz_ldap.so
<IfModule mod_authz_ldap.c>

#配置AD 的IP地址，认证用户、密码等

<Directory /var/www/html/ldap> #这里定义那个目录需要使用ldap模块认证
AuthzLDAPMethod ldap
AuthzLDAPAuthoritative on
AuthzLDAPServer 172.16.33.18
AuthzLDAPUserBase "OU=Tech,OU=users,DC=test,DC=cn"
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserScope subtree
AuthzLDAPBindDN "elven@test.cn"
AuthzLDAPBindPassword "test"
AuthType Basic 
AuthName "Test ldap"
require valid-user
</Directory>

</IfModule>

#启动
echo ServerName localhost:80 >>/etc/httpd/conf/httpd.conf #添加本机web 80端口
service httpd start
chkconfig --add httpd
chkconfig httpd on

#测试目录
mkdir /var/www/html/ldap
echo "LDAP test">/var/www/html/ldap/index.html

#浏览器http://ip/ldap