httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Clayton Hicklin" <chick...@gmail.com>
Subject Re: [users@httpd] Pass-through LDAP authentication with Internet Explorer and Active Directory
Date Tue, 16 Sep 2008 18:23:39 GMT
On Tue, Sep 16, 2008 at 1:22 PM, Clayton Hicklin <chicklin@gmail.com> wrote:

> On Tue, Sep 16, 2008 at 10:58 AM, Davide Bianchi <davide@onlyforfun.net>wrote:
>
>> Clayton Hicklin wrote:
>> > I have LDAP authentication against Active Directory working perfectly in
>> > Firefox, but my problem is with IE.  IE automatically passes through the
>> > username and password so once you are logged into the domain, you don't
>> > have to type it in again.
>>
>> See if this http://www.soft-land.org/articoli/sso
>> can help you out.
>>
>> Davide
>>
>> --
>> How about some patent on "(a+b)^2 == a^2 + 2ab + b^2"?  Choose free
>> software!
>>   -- Laurent Szyster
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
> Thanks for the link.  I should've mentioned my Apache server is running on
> Windows.  I don't think modntlm works on Windows.  They suggest using
> mod_auth_sspi, which is what I started with, and it worked pretty well, but
> it has a weird bug that causes Apache not to send all POST data from forms
> unless you wait a few seconds to click submit.  Strange, but true.  So
> that's what led me to LDAP.  It is really working well except for this
> <domain>\ prefix issue.
>
> --
> Clayton Hicklin
> chicklin@gmail.com
>

Found a workaround for mod_auth_sspi.  If you are having troubles with not
getting POST data with mod_auth_sspi and Internet Explorer, you can turn on
the pre-1.0.4 behavior with:

SSPIPerRequestAuth On


Still don't know how to handle the IE + LDAP domain prefix issue, but this
module will work for me.
-- 
Clayton Hicklin
chicklin@gmail.com

Mime
View raw message