# rjs 13/11/2022
# Per-directory configuration: serves .htm files as HTML through the
# server-side-includes filter and protects the directory with HTTP Basic
# authentication backed by an LDAP (Active Directory) lookup.

AddType text/html .htm
# NOTE(review): INCLUDES makes every .htm file subject to SSI processing.
# Whether SSI "exec" is allowed depends on the Options in force, which this
# file does not show. Confirm IncludesNOEXEC is used unless exec is required.
AddOutputFilter INCLUDES .htm

# For Directory21 Authentication and Authorisation
# NOTE(review): Basic authentication sends the user's password with every
# request, only base64-encoded. Confirm this directory is reachable over
# HTTPS only; nothing in this file enforces it.
AuthType Basic
AuthName "Login to Directory21 with your UserName"
AuthBasicProvider ldap
# could use mod_auth_form to have custom login form and prompt

# Earlier attempt over LDAPS, left disabled. The ldaps:// scheme is combined
# with the TLS (STARTTLS) mode keyword here, which may be why it was abandoned.
# TODO confirm.
#AuthLDAPURL "ldaps://s-pdc-dc01.victrackad.victrack.com.au/OU=Applications,DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname" TLS

# Active lookup: searches from the domain root and matches the login name
# against sAMAccountname.
# NOTE(review): the scheme is plain ldap:// with no SSL/STARTTLS mode, so the
# service-account bind and each user's bind (password included) travel
# unencrypted between the web server and the domain controller. Prefer
# ldaps:// or the STARTTLS mode once the DC certificate is trusted by mod_ldap.
AuthLDAPURL "ldap://s-pdc-dc01.victrackad.victrack.com.au/DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname,memberof"

## ??? search nested groups ??? didn't seem to work!
#AuthLDAPURL "ldap://s-pdc-dc01.victrackad.victrack.com.au/DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname,memberof?sub"

# Service account used for the initial search bind.
AuthLDAPBindDN "CN=VRT_SVC_Telmax,OU=Service Accounts,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au"
# A previous bind password was kept here in a commented-out directive. It is
# redacted below: a secret in a comment is as exposed as a live one, so it
# should be treated as compromised if it is still valid anywhere.
#AuthLDAPBindPassword <previous-password-redacted>
# NOTE(review): the service-account password is stored in clear text in a
# per-directory file and is short and guessable. Rotate it. Then supply it
# through the "exec:" form of AuthLDAPBindPassword, or move this directive
# into a server config file readable only by root. The account should hold
# read-only directory rights and nothing more.
AuthLDAPBindPassword Victrack22

AuthLDAPMaxSubGroupDepth 10
#AuthLDAPSubGroupDepth 1
# takes a lot longer, and still fails!

## search nested groups in AD
# (1.2.840.113556.1.4.1941 is the AD "matching rule in chain" OID, which
# resolves nested group membership on the server side.)
##Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=Users,OU=Groups,DC=victrackad,DC=victrack,DC=com,DC=au
#Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=Domain Users,DC=victrackad,DC=victrack,DC=com,DC=au

# NOTE(review): on Apache 2.4, sibling Require lines outside a <RequireAll>
# container are evaluated as RequireAny. "Require valid-user" succeeds for
# anyone who authenticates, so the two Directory21 group checks below never
# restrict access. The final ldap-filter is also broad: primaryGroupID=513 is
# the well-known RID of Domain Users. If access is meant to be limited to the
# GG-Telco-Directory21-Access-* groups, drop valid-user and the catch-all
# filter. Intended policy is not visible here; confirm with the owner.
# The RW and R groups are treated identically by this file. Any read/write
# distinction must be enforced elsewhere.
Require valid-user
Require ldap-group CN=GG-Telco-Directory21-Access-RW,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
Require ldap-group CN=GG-Telco-Directory21-Access-R,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
Require ldap-filter (&(|(objectCategory=Person)(objectCategory=User))(| (primaryGroupID=513)))