Many companies use an Active Directory LDAP server to keep users’ access and passwords centralized.
This makes management easier for IT managers and life easier for users, who have a single password that is used for every type of system authentication in the company.
Settings on the Active Directory/LDAP server
Check whether there is already a specific group whose members will be allowed to access BWeb with LDAP authentication, or create a new one, for example “G_TI”. Also create a user, for example “bweb”, and add it to this group.
To get the correct LDAP filter, run the command below in PowerShell on the Active Directory/LDAP server against the G_TI group. The value of “DistinguishedName” is what will be used in the filter.
Get-ADGroup -Identity G_TI

DistinguishedName : CN=G_TI,OU=Grupos,DC=dominio,DC=local
GroupCategory     : Security
GroupScope        : Global
Name              : G_TI
ObjectClass       : group
ObjectGUID        : edfb6f27-9b35-486e-8d75-aee5b67b8d1d
SamAccountName    : G_TI
SID               : S-1-5-21-2301264539-1335648919-2092242634-1163
Edit the /opt/bweb/etc/httpd.conf file and add the following lines, replacing the values to match your domain:
# Auth LDAP
auth.backend = "ldap"
auth.backend.ldap.hostname = "IP_SERVIDOR:PORT"
auth.backend.ldap.base-dn = "DC=dominio,DC=local"

# After "memberOf=", put the "DistinguishedName" value obtained on the Active Directory/LDAP server.
auth.backend.ldap.filter = "(&(objectClass=user)(sAMAccountName=$)(memberOf=CN=G_TI,OU=Grupos,DC=dominio,DC=local))"

# If authentication does not work, there may be an error in the filter.
# In that case, comment out the previous line and uncomment the line below.
#auth.backend.ldap.filter = "(&(objectClass=user)(sAMAccountName=$))"

# Fill in the user and password of the account created on the Active Directory/LDAP server.
# The bind password is stored here in clear text, so keep this file readable only by the account that runs BWeb.
auth.backend.ldap.bind-dn = "bweb"
auth.backend.ldap.bind-pw = "xRBIZwFGYmSVh4I29VzNXWNDrjJMpZ"

auth.require = ( "/" =>
    (
        "method"  => "basic",
        "realm"   => "Password protected area",
        "require" => "valid-user"
    )
)
In the same file, add the “mod_authn_ldap” module to the list of modules to load:
server.modules = ("mod_cgi", "mod_alias", "mod_setenv", "mod_accesslog", "mod_auth", "mod_authn_ldap" )
Save and quit.
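The filter in httpd.conf embeds the group's DistinguishedName after "memberOf=", and a group name containing parentheses, an asterisk or a backslash produces a filter that no longer parses, which is one way to end up with the "error in the filter" case mentioned in the configuration comments. The following is an added example, not part of the original page or of BWeb: it extracts the DN from the Get-ADGroup listing, escapes it per RFC 4515 and runs a structural sanity check on the result. The function names and the group "Backup (TI)" are hypothetical.

```python
# RFC 4515 requires these characters to be escaped inside a filter value; "$" is escaped
# too (any byte may be written as \XX) so it cannot be read as the username placeholder.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00", "$": r"\24"}

def escape_filter_value(value):
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def parse_distinguished_name(listing):
    """Return the DistinguishedName value from Get-ADGroup's 'Key : value' listing."""
    for line in listing.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "distinguishedname":
            return value.strip()
    raise ValueError("no DistinguishedName line in the listing")

def build_filter(group_dn):
    return "(&(objectClass=user)(sAMAccountName=$)(memberOf=%s))" % escape_filter_value(group_dn)

def _parse(flt, i):
    """Consume one parenthesised filter starting at offset i; return the offset after it."""
    if flt[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if flt[i:i + 1] in ("&", "|", "!"):
        i += 1
        start = i
        while flt[i:i + 1] == "(":
            i = _parse(flt, i)
        if i == start:
            raise ValueError("operator without operands at offset %d" % i)
    else:
        end = i
        while end < len(flt) and flt[end] not in "()":
            end += 1
        if "=" not in flt[i:end]:
            raise ValueError("item without '=' at offset %d" % i)
        i = end  # a raw "(" inside the value stops the scan and fails the check below
    if flt[i:i + 1] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return i + 1

def is_well_formed(flt):
    try:
        return _parse(flt, 0) == len(flt)
    except ValueError:
        return False
# Constructed samples: the listing from this page and a hypothetical group with parentheses.
PAGE_LISTING = "DistinguishedName : CN=G_TI,OU=Grupos,DC=dominio,DC=local\nName : G_TI"
TRICKY_DN = "CN=Backup (TI),OU=Grupos,DC=dominio,DC=local"
```

If the generated filter contains backslash escapes, check how your lighttpd version treats backslashes inside quoted strings before pasting it into httpd.conf.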
In the BWeb configuration menu, enable the Security option so that lighttpd authentication is required.
Restart the BWeb service:
service bweb restart
In case of problems, start BWeb with the script: