Overview

1
Overview
Active Directory Server? Apache? ?? SSO ?? KLDP
Conf
???
2
Overview

• LDAP
• Lightweight Directory Access Protocol
• Directory(????) ???? ???? ???? ????
• Directory? ??,?? ?? ??? ????, ??? ??? ?? ???? ??
• ????? ??? ?? ??? ??? ??? ??, ???? ????? ???
  ???
• ????? ???? ??? ? ?? ?? ???, LDAP ? ??? ?? ??
  ???? ?? ?? ????.

3
Overview

• ADS
• Active Directory Server
• Domain Controller
• MS? ?? ??? LDAP ??? Directory service
• NTDS??? ????
• ??? ??? ?????? ?? ??? ??? ?? ??? ?? ????.

4
Why SSO?

• ??? ???
• ???? ??? ????? ??? ? ??
• ???? ?? ??? ????? ???? ??? ?? ? ? ??
• ??? ???
• ??? ???? ??? ? ?? ??? ??? ???? ??? ??.
• ?? ?? ????? ??? ?? ??? ?? ??? ? ??.
• Subversion
• Trac
• Dokuwiki
• Samba

5
ADS auth with Apache

• Requirement
• Apache module
• auth_basic
• authnz_ldap
• authz_default
• Active Directory authentication

ltLocation "/"gt AuthBasicProvider ldap AuthType
Basic AuthzLDAPAuthoritative off AuthName "My
Subversion server" AuthLDAPURL
"ldap//directory.example.com389/DCexample,DCco
m?sAMAccountName?sub?(objectClass)" NONE
AuthLDAPBindDN "CNapache,CNUsers,DCexample,DC
com" AuthLDAPBindPassword hackme require
valid-user lt/Locationgt
6
ADS auth with Apache
7
Subversion

• Requirement
• dav
• dav_svn

     ltLocation /svn/qoom-srgt              DAV
svn              SVNPath /home/svn/qoom-sr      
        AuthType Basic              AuthName
"Qoom Island Game Server Repository"             
AuthBasicProvider "ldap"             
AuthLDAPURL "ldap//dc.j-interactive.com3268/DCj
-interactive,DCcom?sAMAccountName?sub?(objectClas
suser)"              AuthLDAPBindDN      
user_at_j-interactive.com             
AuthLDAPBindPassword "password"             
authzldapauthoritative Off              require
ldap-group CNqoom-sr,OUUser,OUJ-Interactive,DC
j-interactive,DCcom     lt/Locationgt
8
Subversion
9
Trac

• Requirement
• mod_python

ltLocation /qoom-srgt SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnv /home/trac/qoom-sr
PythonOption TracLocale "en_US.UTF8"
PythonOption TracUriRoot /qoom-sr SetEnv
PYTHON_EGG_CACHE /home/trac/qoom-sr
AuthBasicProvider ldap AuthType Basic
authzldapauthoritative Off AuthName "Qoom
Island Game Server AuthLDAPURL
"ldap//dc.j-interactive.com3268/DCj-interactive
,DCcom?sAMAccountName?sub?(objectClass)" NONE
AuthLDAPBindDN trac_at_j-interactive.com
AuthLDAPBindPassword password" require
ldap-group CNqoom-sr,OUUser,OUJ-Interactive,DC
j-interactive,DCcom require ldap-group
CNqoom-cl,OUUser,OUJ-Interactive,DCj-interacti
ve,DCcom lt/Locationgt
10
Trac
11
Dokuwiki

• Requirement
• php with ldap
• ldap.conf.php

lt?php conf'useacl' 1 conf'openregiste
r' 0 conf'authtype' 'ldap' conf'aut
h''ldap''server'
'j-interactive.com' conf'auth''ldap''binddn
' 'user_at_server' conf'auth'
'ldap''usertree' 'dcj-interactive,dc
com' conf'auth''ldap''userfilter'
'(userPrincipalNameuser_at_server)' conf'
auth''ldap''mapping''name'
'displayname' conf'auth''ldap''mapping''g
rps' array('memberof' gt '/CN(.?),/i') con
f'auth''ldap''referrals' 0
Switch referrals off for use with Active
Directory conf'auth''ldap''version'
3 ?gt
12
Trac
13
Reference site

• Link
• http//www.jejik.com/articles/2007/06/apache_and_
  subversion_authentication_with_microsoft_active_di
  rectory/
• http//download.softerra.com/files/ldapbrowser26.
  msi