Would you like to learn how to configure an Apache server to use LDAP authentication on the Active directory? In this tutorial, we are going to show you how to authenticate the Apache service on the Active Directory using the LDAP protocol on a computer running Ubuntu Linux.

• Ubuntu 18
• Ubuntu 19
• Apache 2.4.41
• Windows 2012 R2

Apache - Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Apache.

Tutorial - Windows Domain Controller Firewall

• IP - 192.168.15.10
• Operacional System - WINDOWS 2012 R2
• Hostname - TECH-DC01

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the Apache server to query the Active directory database.

On the domain controller, open the application named Windows Firewall with Advanced Security

Create a new Inbound firewall rule.

zabbix active directory

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

zabbix windows firewall port ldap

Select the Allow the connection option.

zabbix windows firewall allow connection

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description to the firewall rule.

windows firewall active directory

Congratulations, you have created the required firewall rule.

This rule will allow the Apache server to query the Active directory database.

Tutorial - Windows Domain Account Creation

Next, we need to create at least 2 accounts on the Active directory database.

The ADMIN account will be used to login on the Apache server.

The BIND account will be used to query the Active Directory database.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Zabbix active directory account

Create a new account named: admin

Password configured to the ADMIN user: 123qwe..

This account will be used to authenticate on the Apache web interface.

active directory admin accountzabbix active directory admin properties

Create a new account named: bind

Password configured to the BIND user: kamisama123..

This account will be used to query the passwords stored on the Active Directory database.

active directory bind accountzabbix active directory ldap bind properties

Congratulations, you have created the required Active Directory accounts.

Apache - LDAP Authentication on Active Directory

• IP - 192.168.15.11
• Operational System - Ubuntu 19.10
• Hostname - APACHE

Install the Apache server and the required LDAP authentication module.

Copy to Clipboard

Enable the Apache2 LDAP authentication module.

Copy to Clipboard

In our example, we are going to request authentication to users trying to access a directory named Test.

Create a directory named Test and give the user named www-data permission over this directory.

Copy to Clipboard

Configure the Apache server to request the LDAP authentication to users trying to access the Test directory.

Edit the Apache 000-default.conf configuration file.

Copy to Clipboard

Here is the 000-default.conf file before our configuration.

Copy to Clipboard

Here is the 000-default.conf file after our configuration.

Copy to Clipboard

The Apache server was configured to request password authentication to acess the directory /var/www/html/test.

The Apache web server was configured to authenticate user accounts using the LDAP server 192.168.15.10.

The Apache web server was configured to use the Active directory domain: TECH.LOCAL.

Restart the Apache service.

Copy to Clipboard

Congratulations! You successfully configured the Apache authentication.

Apache - LDAP Authentication Test

Open your browser and enter the IP address of your Apache web server.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11

The Apache default page will be displayed.

Apache default page

Open your browser and enter the IP address of your web server plus /test.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11/test

On the login screen, enter an Active Directory username and password.

• Username: admin
• Password: 123qwe..

Apache login form

After a successful login, you will be authorized to access the directory named Test.

Apache Radius Authentication test

Congratulations! You have configured the LDAP authentication on an Apache server to use the Active directory.