Apache reverse proxy with LDAP authentication against multiple Active Directory domains
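# LDAP provider for the first AD domain. The alias name "auth1" is what
# AuthBasicProvider refers to in the HTTPS virtual host.
<AuthnProviderAlias ldap auth1>
    # ldaps:// on port 636 keeps the service bind and the user's password
    # encrypted in transit. Validation of the directory server's certificate is
    # controlled by mod_ldap (LDAPVerifyServerCert / LDAPTrustedGlobalCert),
    # which this file does not set.
    # The search starts at the domain root, matches sAMAccountName across the
    # whole subtree, and the (objectClass=*) filter accepts any object type.
    # NOTE(review): consider narrowing the filter to user objects so computer
    # and other non-person entries are never candidates.
    # NOTE(review): a search from an AD domain root can return referrals; if
    # lookups end in a 500, "LDAPReferrals Off" or the global catalog port is
    # the usual remedy. Confirm against your directory.
    AuthLDAPURL "ldaps://auth1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
    # Service account used only to look the user up; keep it read-only.
    AuthLDAPBindDN "ldap_query"
    # Sample value. The real secret is stored here in clear text, so this file
    # must be readable by root only. AuthLDAPBindPassword also accepts an
    # "exec:" program (httpd 2.4.5+) to keep the secret out of the config.
    AuthLDAPBindPassword "password"
</AuthnProviderAlias>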
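# LDAP provider for the second AD domain (alias "auth2").
<AuthnProviderAlias ldap auth2>
    # LDAPS on 636; subtree search from the domain root on sAMAccountName.
    # The (objectClass=*) filter matches every object type. A filter limited
    # to user objects is the tighter choice.
    AuthLDAPURL "ldaps://auth2.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
    # Read-only service account used for the lookup.
    AuthLDAPBindDN "ldap_query"
    # Sample value; the real password is clear text, so restrict this file to
    # root or supply the secret through the "exec:" form of this directive.
    AuthLDAPBindPassword "password"
</AuthnProviderAlias>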
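# LDAP provider for the third AD domain (alias "auth3").
<AuthnProviderAlias ldap auth3>
    # LDAPS on 636; subtree search from the domain root on sAMAccountName.
    # The (objectClass=*) filter matches every object type. A filter limited
    # to user objects is the tighter choice.
    AuthLDAPURL "ldaps://auth3.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
    # Read-only service account used for the lookup.
    AuthLDAPBindDN "ldap_query"
    # Sample value; the real password is clear text, so restrict this file to
    # root or supply the secret through the "exec:" form of this directive.
    AuthLDAPBindPassword "password"
</AuthnProviderAlias>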
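# Plain-HTTP listener. It serves no content and asks for no credentials; it
# only sends clients to the HTTPS virtual host, so Basic auth passwords are
# never requested over an unencrypted connection.
<VirtualHost *:80>
    ServerName proxy.example.com
    # Placeholder address: the original was redacted by the hosting page.
    ServerAdmin webmaster@example.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # The trailing slash on the target is required. Redirect appends whatever
    # follows the matched "/" prefix directly to the target, so without the
    # slash the request path is glued onto the hostname and the redirect can
    # resolve to a different host than proxy.example.com.
    Redirect permanent / https://proxy.example.com/
</VirtualHost>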
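# HTTPS front end: terminates TLS, authenticates the user with HTTP Basic
# against the three LDAP aliases, then reverse-proxies to the backend.
<VirtualHost _default_:443>
    ServerName proxy.example.com
    # Placeholder address: the original was redacted by the hosting page.
    ServerAdmin webmaster@example.com

    # Enables TLS towards the backend (needed for an https:// ProxyPass target).
    SSLProxyEngine On
    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off

    # The four directives below switch off checks on the backend certificate.
    # Keep them disabled. Enabling any of them lets a host that can intercept
    # the proxy-to-backend connection impersonate the backend and receive the
    # forwarded requests.
    #SSLProxyVerify none
    #SSLProxyCheckPeerCN off
    #SSLProxyCheckPeerName off
    #SSLProxyCheckPeerExpire off
    # NOTE(review): mod_ssl's default for SSLProxyVerify is already "none", so
    # the backend chain is not validated as written. To authenticate the
    # backend, set the following (the CA path is a placeholder):
    #SSLProxyVerify require
    #SSLProxyCACertificateFile /path/to/backend-ca.pem

    <Location />
        ProxyPreserveHost On
        # "nocanon" passes the raw request path through without
        # canonicalisation. That removes the limited protection the proxy
        # normally gives the backend against malformed URLs; keep it only if
        # the backend needs encoded characters preserved.
        ProxyPass https://backend.example.com:443/ nocanon
        ProxyPassReverse https://backend.example.com:443/

        # Refuse any request that did not arrive over TLS.
        SSLRequireSSL

        AuthType Basic
        # Providers are tried in order until one accepts the credentials.
        AuthBasicProvider auth1 auth2 auth3
        AuthName "Example"
        Require valid-user

        # NOTE(review): the Authorization header, which carries the user's AD
        # password, is forwarded to the backend by default. If the backend
        # does not need it, strip it (requires mod_headers):
        #RequestHeader unset Authorization
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/proxy_example_com.pem
    # The private key must be readable by root only.
    SSLCertificateKeyFile /etc/ssl/private/proxy_example_com.key
</VirtualHost>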
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
LDAP authentication is not working. It asks for the user name and password when I try to access it from the client machine, but when I give the Active Directory user name and password it returns "Internal Server Error".
Can you help with this?