2006/1/3, Matthias Grimm <matthiasgrimm@xxxxxxxxxxxxxxxxxxxxx>: > I hacked something like this for the old auth system but is was a ugly > hack and never was published. > > I'm really interested how you configured apache to use active directory > and what else have to be done to get it work. A small howto would be > nice. :-) > > I would test it at work and find a way to bypass DokuWiki's login form > in a compatible manner in return. hey, Unfortunatly, I won't have time to write such a how-to for the next 3 week (last projects and exams). But here are the guidelines : * Use of following module : http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html * Downloading Sun ONE Directory SDK for C 5.08 * copying Sun libs to /modules (into apache2 path : C:\program files\apache group\apache2 in my case) * copying Muquit's dll : modauthldap_apache2_dll.zip to /modules * Into httpd.conf : AuthType Basic AuthName "Please login" LDAP_Debug Off LDAP_Server <IP of AD Server> LDAP_Port <AD TCP Port> LDAP_Protocol_Version 3 # our base domain Base_DN "DC=dimension,DC=fr" # I've created a user which has only the ability (rights) to browse the AD Bind_DN "DIMENSION\ADBrowser" Bind_Pass "the_password" UID_Attr "samaccountname" Require valid-user That's it. There is an example for subversion/trac : LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so LoadModule python_module modules/mod_python.so LoadModule auth_ldap_module modules/mod_auth_ldap.dll #################################################################### # S u b v e r s i o n # # - Authentification par AD #################################################################### <Location /svn> Dav svn SVNParentPath c:/subversion/repos/ AuthType Basic AuthName "SVN repositories" LDAP_Debug Off LDAP_Server <IP of AD Server> LDAP_Port <AD TCP Port> LDAP_Protocol_Version 3 Base_DN "DC=dimension,DC=fr" Bind_DN "DIMENSION\ADBrowser" Bind_Pass "the_password" UID_Attr "samaccountname" AuthzSVNAccessFile c:/subversion/repos/rights.conf Satisfy Any Require valid-user SVNIndexXSLT "/svnindex.xsl" </Location> #################################################################### #################################################################### # T R A C #################################################################### Alias /trac "C:/Program Files/Python23/share/trac/htdocs" <Location /trac> SetHandler mod_python PythonHandler trac.web.modpython_frontend PythonOption TracEnvParentDir "c:/subversion/trac/" PythonOption TracUriRoot /trac </Location> # Authentification par AD <LocationMatch "/trac/[^/]+/login"> AuthType Basic AuthName "Environement Trac" LDAP_Debug Off LDAP_Server <IP of AD Server> LDAP_Port <AD TCP Port> LDAP_Protocol_Version 3 Base_DN "DC=dimension,DC=fr" Bind_DN "DIMENSION\ADBrowser" Bind_Pass "the_password" UID_Attr "samaccountname" Require valid-user </LocationMatch> <Directory "C:/Python23/share/trac/htdocs"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> #################################################################### enjoy :P Hervé -- Hervé Leroux - rv at anything-else.net http://www.anything-else.net IM : Skype : lerouxrv; msn : lerouxrv@xxxxxxxxxxx GnuPG Fingerprint: 68F3 DF3E C2AA C191 E7A5 9DA4 178A 819C FBB8 5B15 -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist