# rjs 13/11/2022
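# Serve .htm files as HTML and pass them through the server-side-include
# output filter.
# NOTE(review): SSI only runs if Options enables it in the enclosing config;
# prefer IncludesNOEXEC over Includes unless "#exec" is really needed - confirm.
AddType text/html .htm
AddOutputFilter INCLUDES .htm

# For Directory21 Authentication and Authorisation (mod_authnz_ldap)
# Basic auth resends the user's password with every request, so this
# directory is assumed to be served over HTTPS only - TODO confirm.
AuthType Basic
AuthName "Login to Directory21 with your UserName"
AuthBasicProvider ldap
# could use mod_auth_form to have custom login form and prompt

# LDAPS to the domain controller. With plain ldap:// the service-account
# bind and every user's password cross the network unencrypted.
# The web server must trust the DC's issuing CA (LDAPTrustedGlobalCert in the
# main server config) or the connection will be refused.
# Only the first attribute in the URL (sAMAccountname) is used for the user
# search. A "?sub" suffix was tried earlier for nested groups, but sub is
# already the default scope and it governs the user search, not group nesting.
AuthLDAPURL "ldaps://s-pdc-dc01.victrackad.victrack.com.au/DC=victrackad,DC=victrack,DC=com,DC=au?sAMAccountname,memberof"

AuthLDAPBindDN "CN=VRT_SVC_Telmax,OU=Service Accounts,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au"
# NOTE(review): the service-account password sits in clear text in this file.
# An older password that had been left in a comment here has been removed.
# Treat both values as exposed: rotate the account's password, keep this file
# unreadable to other local users and out of version control, and move the
# secret out of the config with the exec: form (path below is a placeholder):
#AuthLDAPBindPassword "exec:/PLACEHOLDER/path/to/bind-password-helper"
AuthLDAPBindPassword Victrack22

# Nested groups: sub-group lookups default to the groupOfNames /
# groupOfUniqueNames object classes, which Active Directory groups do not
# carry. That is presumably why nested membership "still fails" - verify.
AuthLDAPSubGroupClass group
AuthLDAPMaxSubGroupDepth 10
# Original note: searching nested groups takes a lot longer.

# Authorisation: only members of the two Directory21 access groups get in.
# "Require valid-user" and the primaryGroupID=513 (Domain Users) filter were
# dropped. Sibling Require lines are OR-ed, so either one admitted any account
# that could authenticate, and the group lines below never had any effect.
<RequireAny>
    Require ldap-group CN=GG-Telco-Directory21-Access-RW,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
    Require ldap-group CN=GG-Telco-Directory21-Access-R,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
</RequireAny>
# Alternative: let AD resolve nesting itself with the in-chain matching rule,
# one line per access group, instead of the sub-group directives above:
#Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=GG-Telco-Directory21-Access-RW,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au
#Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=GG-Telco-Directory21-Access-R,OU=Teleco,OU=AppAccess,OU=Groups,OU=VicTrack,DC=victrackad,DC=victrack,DC=com,DC=au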