There is a Perl application which runs under Apache on Solaris using CGI::Application. That's all running fine. We want to get access to the consumer_ID variable passed by the IE browser, and perform some database queries and LDAP queries.
I have looked at the Apache documentation and I can't figure out how to accomplish this. We do not have access to the internet (this is an intranet) from the Solaris servers, so we have to compile everything ourselves.
Does anybody have a checklist (or tutorial) of the things Apache needs (modules/plugins) to accomplish this, and how it should be set up?
There are mod_ntlm and mod_ldap plugins for Apache that can be used to authenticate.
In your situation, I'd think that you really do want to use mod_ntlm, and LDAP or "Active Directory" is just its backend?
Here's one tutorial that covers the setup phase: http://sivel.internet/2007/05/sso-apache-ad-1/
The compilation phase in the tutorial is targeted at RPM-based Linux platforms, but twiki has more information on building for Solaris 10 here: http://twiki.org/cgi-bin/view/Codev/NtlmForSolaris10#How_to_build_your_own_mod_ntlm_b
I personally use the module mod_auth_ntlm_winbind (mod_auth_ntlm_winbind.so) on our server. You must have Samba and winbind installed, correctly set up and running.
You can download the module from the Samba project tree:
    git clone git://git.samba.org/jerry/mod_auth_ntlm_winbind.git
To authenticate users via NTLM you need to add the following directives to your directory configuration:
    <Directory /srv/http>
        Allow from all
        AuthName "NTLM Authentication thingy"
        NTLMAuth on
        NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
        NTLMBasicAuthoritative on
        AuthType NTLM
        require valid-user
        AllowOverride all
    </Directory>
Obviously you have to load the module, too:
    LoadModule auth_ntlm_winbind_module /usr/lib/httpd/modules/mod_auth_ntlm_winbind.so
The Windows user account is passed to the application as the REMOTE_USER:
    #!/usr/bin/perl
    use strict;
    use warnings;
    use CGI;

    my $query = CGI->new;

    # Get the Windows account that Apache exposes as REMOTE_USER
    my $windows_account = $query->remote_user();
Note that IE only sends the user authentication data to trusted sites.
Here is a website with a little more information about the module.
Direct Authentication via LDAP
Another way is to use the module mod_authnz_ldap (mod_authnz_ldap.so). This is most likely already loaded by default. Note that this isn't true single sign-on, because the user is prompted for a password.
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
Add this to your directory definition:
    <Directory /srv/http>
        AuthName "Authentication required"
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthBasicProvider ldap

        # "protocol://hostname:port/base?attribute?scope?filter" NONE
        # NONE indicates that an unsecure connection should be used for LDAP, i.e. port 389
        AuthLDAPURL "ldap://your.ldap.server.net:389/OU=the,OU=search,OU=node,DC=domain,DC=net?sAMAccountName?sub?(objectClass=*)" NONE

        # This is only needed if your LDAP server doesn't allow anonymous binds
        AuthLDAPBindDN "CN=AD Bind User,OU=the,OU=bind,OU=node,DC=domain,DC=net"
        AuthLDAPBindPassword super-secret

        Require valid-user
        AllowOverride all
    </Directory>
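The question asks to use the authenticated account in LDAP queries, so here is an added example (not part of the answers above) that turns REMOTE_USER into a safely escaped `sAMAccountName` filter. The function names and the allow-list are hypothetical, and it assumes REMOTE_USER arrives as `DOMAIN\user`, `user@REALM` or a bare account name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split REMOTE_USER into (domain, account). Assumed forms: "DOMAIN\user",
# "user@REALM" or bare "user". Anything else yields an empty list.
sub parse_remote_user {
    my ($raw) = @_;
    return unless defined $raw && length $raw;
    my ($domain, $user);
    if    ($raw =~ /\A([^\\\@]+)\\([^\\\@]+)\z/) { ($domain, $user) = ($1, $2) }
    elsif ($raw =~ /\A([^\\\@]+)\@([^\\\@]+)\z/) { ($user, $domain) = ($1, $2) }
    elsif ($raw !~ /[\\\@]/)                     { ($domain, $user) = ('', $raw) }
    else                                         { return }
    # Conservative allow-list for account names (constructed policy, adjust locally).
    return unless $user =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return ($domain, $user);
}

# RFC 4515 escaping for a value placed inside an LDAP search filter:
# backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
sub ldap_filter_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build the search filter, or return undef if the account name is rejected.
# Escaping is applied even after the allow-list, as a second layer.
sub filter_for {
    my ($raw) = @_;
    my (undef, $user) = parse_remote_user($raw) or return;
    return '(sAMAccountName=' . ldap_filter_escape($user) . ')';
}

# Constructed sample values, not taken from a real server.
for my $raw ('CORP\jdoe', 'jdoe@corp.example', 'jdoe', 'jdoe)(cn=*', '') {
    my $filter = filter_for($raw);
    printf "%-22s => %s\n", "'$raw'", defined $filter ? $filter : 'rejected';
}

# Escaping on its own, for values that cannot be allow-listed.
print ldap_filter_escape('a*(b)\c'), "\n";
```

In the CGI script the input would be `$query->remote_user()`; for the database queries, pass the parsed account name as a bound placeholder rather than interpolating it into the SQL string.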