Apache HTTP Webserver Active Directory LDAP authentication

Ebeb
2 min read · Apr 20, 2023

The steps below install the Apache web server and configure it to protect web pages with Active Directory LDAP authentication.

Step 1: Install the Apache httpd web server on RHEL/CentOS

$ yum install httpd
$ yum install mod_ldap
or on CentOS 8 or later:
$ dnf install httpd
$ dnf install mod_ldap

To verify that the LDAP modules are loaded, run the command below.
$ httpd -M | grep ldap
ldap_module (shared)
authnz_ldap_module (shared)

Step 2: Create a simple test HTML page

$ vi /var/www/html/index.html
<!DOCTYPE html>
<html>
<body>
<h1><center>Testing AD/LDAP Based HTTP</center></h1>
<h1><center>Basic LDAP Authentication</center></h1>
</body>
</html>

Step 3: Put the AD/LDAP settings in an httpd config file

$ vi /etc/httpd/conf.d/myldap-auth.conf
<Directory /var/www/html>
AuthType Basic
AuthName "LDAP Based HTTP Basic Authentication"
AuthBasicProvider ldap
AuthLDAPURL ldaps://myldap.com:636/dc=mydomain,dc=com?userPrincipalName
AuthLDAPBindDN cn=mybinduser,dc=mydomain,dc=com
AuthLDAPBindPassword mypassword123
Require valid-user
</Directory>

This file holds the bind account's password in clear text, so keep it readable only by root; httpd reads its configuration as root at startup. Restart the httpd service:
$ systemctl restart httpd

Step 4: Open the page in a browser. If httpd was installed on the server myapachehttpserver.com, the URL is:

http://myapachehttpserver.com:80

The browser should prompt for a login; enter the LDAP user ID (for example firstname.lastname) and password. If the LDAP login succeeds, the page is displayed. Note that with Basic authentication over plain http:// the browser sends the password base64-encoded, not encrypted, on every request, so serve the page over HTTPS for anything beyond a test setup.

Adjust the AuthLDAPURL ldaps://myldap.com:636/dc=mydomain,dc=com?userPrincipalName to another attribute, scope and filter, for example ?uid?sub?(objectClass=*), or whatever matches how users are stored in your LDAP server. Test the query with the ldapsearch command first.
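To see what a given AuthLDAPURL actually asks the directory for before putting it in httpd.conf, the following added example (not code from the original post) parses the URL using the grammar documented for mod_authnz_ldap, scheme://host:port/basedn?attribute?scope?filter, applies the module's documented defaults (attribute uid, scope sub, filter (objectClass=*)), builds the login search filter the module sends, (&(filter)(attribute=username)), and emits the equivalent ldapsearch command line. It assumes the filter in the URL is written with its enclosing parentheses, as in the post's example. The username is escaped per RFC 4515 before it is placed in the filter, which is what stops a login name such as "*)(cn=*" from widening the search; mod_authnz_ldap performs the same escaping internally, and the example makes that step visible.

```python
"""Translate an Apache AuthLDAPURL into the equivalent ldapsearch query.

Added example, not part of the original post or of Apache httpd. Assumes the
AuthLDAPURL grammar and defaults documented for mod_authnz_ldap:

    scheme://host:port/basedn?attribute?scope?filter
"""
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit


@dataclass(frozen=True)
class LdapAuthUrl:
    scheme: str
    host: str
    port: int
    base_dn: str
    attribute: str
    scope: str
    filter: str


def parse_auth_ldap_url(url: str) -> LdapAuthUrl:
    """Split an AuthLDAPURL into its parts, applying the module's defaults."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    # Default ports: 389 for ldap, 636 for ldaps.
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    base_dn = parts.path.lstrip("/")
    # Everything after the first '?' is attribute?scope?filter; each part is optional.
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    attribute, scope, filt = fields[:3]
    # RFC 2255 allows a comma-separated attribute list; only the first one is used.
    attribute = attribute.split(",")[0] or "uid"
    # Only 'one' and 'sub' are supported; anything else (including 'base') becomes 'sub'.
    scope = scope if scope in ("one", "sub") else "sub"
    filt = filt or "(objectClass=*)"
    return LdapAuthUrl(parts.scheme, parts.hostname, port, base_dn, attribute, scope, filt)


# RFC 4515 escapes for the characters that have meaning inside a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(cfg: LdapAuthUrl, username: str) -> str:
    """The search filter issued for a login attempt: (&(filter)(attribute=username))."""
    return f"(&{cfg.filter}({cfg.attribute}={escape_filter_value(username)}))"


def ldapsearch_argv(cfg: LdapAuthUrl, bind_dn: str, username: str) -> List[str]:
    """Equivalent ldapsearch command for checking the URL against the directory."""
    return [
        "ldapsearch",
        "-H", f"{cfg.scheme}://{cfg.host}:{cfg.port}",
        "-D", bind_dn,
        "-W",  # prompt for the bind password rather than exposing it on the command line
        "-b", cfg.base_dn,
        "-s", cfg.scope,
        login_filter(cfg, username),
        "dn",  # only the matching entry's DN is needed to confirm the lookup works
    ]


if __name__ == "__main__":
    # The URL and bind DN from the post; the login name is a constructed sample.
    cfg = parse_auth_ldap_url("ldaps://myldap.com:636/dc=mydomain,dc=com?userPrincipalName")
    print(" ".join(ldapsearch_argv(cfg, "cn=mybinduser,dc=mydomain,dc=com", "first.last@mydomain.com")))
```

Run the script and paste the printed command into a shell on the web server; if ldapsearch returns exactly one DN for a known user, the URL, bind account and base DN are right and any remaining login failure lies in httpd's configuration rather than in the directory query.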

Debugging steps:

Run the command below to check the configuration syntax:

$ httpd -t

If the output is Syntax OK, the config file is well-formed.

Increase the log level to get more detail:

In /etc/httpd/conf/httpd.conf
#changed LogLevel to debug
#LogLevel warn
LogLevel debug

$ systemctl restart httpd
After this, check the log files /var/log/httpd/access.log and error.log. Set LogLevel back to warn once the problem is found, since debug logging is verbose.
