Here's my ldap-related apache conf (using authnz_ldap)...hope it helps
<Location />
AuthLDAPBindDN "CN=username, CN=Users, DC=domain, DC=com"
AuthLDAPBindPassword "Password for Kerberos auth user"
AuthLDAPURL "ldap(or ldaps)://fqdns or ip of ldap/ad
server/CN=users,DC=domain,DC=.com?sAMAccountName?sub?(objectClass=*)"
AuthType Basic
AuthBasicProvider ldap
AuthName "some text for login prompt"
AuthLDAPAuthorative on
AuthLDAPGroupAttributeIsDN on
require valid-user
</Location>
https://github.com/elasticsearch/kibana/blob/master/sample/apache_ldap.conf
http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
http://www.linuxquestions.org/questions/linux-server-73/active-directory-ldap-authentication-with-apache-2-2-a-917739/
^some links that helped me out
On Wednesday, June 18, 2014 9:52:58 AM UTC-7, dharmendra pratap singh wrote:
>
> Hi Brian,
> Thanks a lot for your response.
>
> *Brian, Can you guide me how can I do the user authentication based on
> Active Directory. I am using Apache Tomcat for running my Kibana.*
>
> *My Current requirement is to give access only to the LDAP users for my
> Kibana dashboard and these users should have the access to ES.*
>
> *Appreciate your help.*
> *Thanks a lot.*
>
> *Regards*
> *Dharmendra*
>
>
> On Wed, Jun 18, 2014 at 8:27 PM, Brian <[email protected] <javascript:>>
> wrote:
>
>> Dharmendra,
>>
>> Since Kibana is not a web server but must run within a web server, it's
>> that web server that would provide the authentication. This would be Apache
>> HTTPD, nginx, Node.js, or some other HTTP server. All three of the options
>> I listed have LDAP authentication modules available for them.
>>
>> I have not yet done this, but it's something we will need as we move from
>> evaluating the ELK stack to actually deploying it.
>>
>> I did get Kibana to run as a site plugin for Elasticsearch, but this is
>> only for a very quick and very easy way to start generating enthusiasm
>> (which it is doing!). However, this provides no means of authentication.
>>
>> Brian
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "elasticsearch" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/elasticsearch/Vtr8FLDF7Oo/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/elasticsearch/1334fbdf-ff02-4879-a39e-b843e6dbcc19%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/elasticsearch/1334fbdf-ff02-4879-a39e-b843e6dbcc19%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/4cee9a00-28d1-437b-a0e1-3bd267a7dc8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
