MIDAS Active Directory (LDAP) Integration Active Directory Integration: Configuring Apache

For Apache 2.4:

In order for Apache 2.4 to authenticate against an Active Directory server, the module "mod_authnz_sspi.so" must be present, enabled, and correctly configured.

For Windows-based servers, the module mod_authnz_sspi may be obtained from apachehaus.net - Make sure you download the right version for your Apache install (x64 or x86). Unzip the module, and add the files from the bin location to your Apache "bin" folder, and the files from the module folder to your Apache "module" folder.

Once installed, this module can be enabled by adding the following line to your server's httpd.conf file:

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

Please also ensure that the following modules are uncommented in your http.conf file (by removing any leading "#"):

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so

Next, you will need to configure the directory on your server where your MIDAS resides to authenticate against your Active Directory. Again, this is done by adding the following to your httpd.conf file: 

<Location "/midas/">
  AuthName "Intranet"
  AuthType SSPI
  SSPIDomain xxx.xxx.xxx.xxx
  SSPIAuth on
  SSPIOfferSSPI on
  SSPIAuthoritative on
  SSPIUsernameCase lower
  SSPIPerRequestAuth on
  SSPIOmitDomain on
  require valid-user
</Location>
Where "/midas/" is the location where MIDAS resides on your server, relative to the root (usually "htdocs" or "public_html"), and xxx.xxx.xxx.xxx is the IP address or domain name of your Active Directory server. In the above example, MIDAS resides under /public_html/midas/, and therefore the location to use is "/midas/"

Tip: You will need to restart Apache for changes you make to your httpd.conf file to take effect

Linux-based servers: "mod_authnz_sspi" may not be available on your server. An alternative Apache module is "mod_auth_kerb". Please refer to the vendor's own documentation for guidance installing and configuring this module.

For Apache 2.2:

In order for Apache 2.2 to authenticate against an Active Directory server, the module "mod_auth_sspi.so" must be present, enabled, and correctly configured.

Once installed, this module can be enabled by adding the following line to your server's httpd.conf file:

LoadModule sspi_auth_module modules/mod_auth_sspi.so

Next, you will need to configure the directory on your server where your MIDAS resides to authenticate against your Active Directory. Again, this is done by adding the following to your httpd.conf file:

<Location "/midas/">
  AuthName "Intranet"
  AuthType SSPI
  SSPIDomain xxx.xxx.xxx.xxx
  SSPIAuth on
  SSPIOfferSSPI on
  SSPIAuthoritative on
  SSPIUsernameCase lower
  SSPIPerRequestAuth on
  SSPIOmitDomain on
  require valid-user
</Location>
Where "/midas/" is the location where MIDAS resides on your server, relative to the root (usually "htdocs" or "public_html"), and xxx.xxx.xxx.xxx is the IP address or domain name of your Active Directory server. In the above example, MIDAS resides under /public_html/midas/, and therefore the location to use is "/midas/"

Tip: You will need to restart Apache for changes you make to your httpd.conf file to take effect

Next Up...

Configuring Web Browsers for Active Directory Integration