Recently I have to deal with connection Apache HTTPD (Web) Server to ActiveDirectory. Running authentication against an LDAP-based directory server, sounds trivial, but I found it, not really! There are a lot resources in the Internet, but most of them I still need some adaptation. Even more, because ActiveDirectory is not just a simple directory server, but it has multi-facets, and of course you are required to understand some of the details of Windows based authentication system.
I run my configuration on the latest Apache HTTP 2.2.14, while most of the samples were still using Apache 2.0, or even 1.3.
This task requires me to be able to browser my existing ActiveDirectory server, to see what is actually inside the directory server. My previous experience with ActiveDirectory servers was revolving around setting Windows servers and workstations users and group. Connecting a third party (I mean non-Microsoft) application using non-Microsoft technology (it's not VB6, it's not .NET, it's not COM application) posed some challenges for me.
I realize that in order to be successful, I need to be able to browse the directory server (LDAP server is not a correct term, directory server is the correct term), so I came into conclusion that:
- I need a good client tool to test the connection first
- I need to figure out the correct settings on the ActiveDirectory
- I need to figure out the correct settings on the Apache HTTPD 2.2 configuration file (httpd.conf)
I found a few free and good client tools that works for my requirement:
I found out that Softerra's LDAP Browser 2.6 to be lightweight and very useful when you are using Windows system as the client. The cons is, it's a Windows application, means that you can't run it from other platform. I use the older version of this tool -- version 2.5 -- and discovered a lot of things about the ActiveDirectory server, before moving into the latest(version 2.6.
JXplorer download is the smallest! Currently JXplorer has the limitation of only displaying the first 1,000 items, which I found to be very annoying. It throws exception whenever bumping into this limitation (which you would for certain when browsing ActiveDirectory!).
Apache Directory Studio is based on Eclipse platform, and it's a big download (92MB), compared to JXplorer (3.2MB), and LDAP Browser 2.6 (5.6MB). It was built for Apache Directory Server (ApacheDS) project, but should work with any directory servers (at least it claims to be!). The benefit of Eclipse platform of course, we suppose to be able to update components without reinstalling the Eclipse platform. It's OSGi platform under the hood, so in case the provider maintain well the update site, we could update OSGi components as required.
No comments:
Post a Comment