Active Directory Authentication for BWeb (lighttpd): Bacula Enterprise Configuration

Many companies use an Active Directory/LDAP server to keep users’ access and passwords centralized.

This simplifies administration for IT managers and also makes life easier for users, who have a single password that is used for authentication across all of a company's systems.

Settings on the Active Directory/LDAP server

Check whether a specific group already exists that will be allowed to access BWeb with LDAP authentication, or create a new one, for example “G_TI”. Also create a user, for example “bweb”, and add it to this group.

To get the correct LDAP filter, run the command below in PowerShell on the Active Directory/LDAP server, using the G_TI group. The value of “DistinguishedName” is what will be used in the filter.

Get-ADGroup -Identity G_TI
                
DistinguishedName : CN=G_TI,OU=Grupos,DC=dominio,DC=local
GroupCategory     : Security
GroupScope        : Global
Name              : G_TI
ObjectClass       : group
ObjectGUID        : edfb6f27-9b35-486e-8d75-aee5b67b8d1d
SamAccountName    : G_TI
SID               : S-1-5-21-2301264539-1335648919-2092242634-1163

Configuring lighttpd

Edit the /opt/bweb/etc/httpd.conf file, and enter the following lines, remembering to replace the information according to your domain:

# Auth LDAP
auth.backend = "ldap"
auth.backend.ldap.hostname = "IP_SERVIDOR:PORT"
auth.backend.ldap.base-dn = "DC=dominio,DC=local"

# On this line, put the "DistinguishedName" value obtained from the Active Directory/LDAP server after "memberOf=".
auth.backend.ldap.filter = "(&(objectClass=user)(sAMAccountName=$)(memberOf=CN=G_TI,OU=Grupos,DC=dominio,DC=local))"

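# If authentication does not work, there may be an error in the filter. In that case, comment out the previous line and uncomment the line below.
# The line below has no memberOf clause, so it accepts any user in the directory, not only members of the group.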
#auth.backend.ldap.filter = "(&(objectClass=user)(sAMAccountName=$))"

# Fill in the name and password of the user created on the Active Directory/LDAP server.
# The bind password is stored here in cleartext, so restrict read access to this file.
auth.backend.ldap.bind-dn  = "bweb"
auth.backend.ldap.bind-pw  = "xRBIZwFGYmSVh4I29VzNXWNDrjJMpZ"

auth.require = ( "/" =>
   (
      "method" => "basic",
      "realm" => "Password protected area",
      "require" => "valid-user"
   )
)

In the same file, add the “mod_authn_ldap” module to the list of modules to load:

server.modules = ("mod_cgi", "mod_alias", "mod_setenv",
"mod_accesslog", "mod_auth", "mod_authn_ldap" )

Save and quit.
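
As an added example (not part of the original article and not Bacula or lighttpd code), this Python script derives the auth.backend.ldap.filter value from the Get-ADGroup output and escapes the RFC 4515 special characters that a group DN may contain. It goes beyond the article by optionally matching members of nested groups through Active Directory's LDAP_MATCHING_RULE_IN_CHAIN; the function names and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: Get-ADGroup output in the shape shown earlier on this page.
SAMPLE = """\
DistinguishedName : CN=G_TI,OU=Grupos,DC=dominio,DC=local
GroupCategory     : Security
Name              : G_TI
"""

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN (nested groups).
IN_CHAIN = ":1.2.840.113556.1.4.1941:"


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def group_dn(get_adgroup_output):
    """Extract the DistinguishedName field from Get-ADGroup text output."""
    m = re.search(r"^DistinguishedName\s*:\s*(.+?)\s*$", get_adgroup_output, re.M)
    if m is None:
        raise ValueError("no DistinguishedName line found")
    return m.group(1)


def build_filter(dn, placeholder="$", nested=False):
    """Build the filter; placeholder is the username marker used in the config above."""
    rule = IN_CHAIN if nested else ""
    return "(&(objectClass=user)(sAMAccountName=%s)(memberOf%s=%s))" % (
        placeholder, rule, escape_filter_value(dn))


if __name__ == "__main__":
    dn = group_dn(SAMPLE)
    print(build_filter(dn))               # direct members of G_TI only
    print(build_filter(dn, nested=True))  # also members of groups nested in G_TI
    # Hypothetical group name with parentheses, to show the escaping:
    print(build_filter("CN=TI (Backup),OU=Grupos,DC=dominio,DC=local"))
```

A plain memberOf clause matches only direct members of the group, so users who belong to G_TI through another group are rejected unless the nested form is used.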

BWeb Configuration

In the BWeb configuration menu, enable the Security option so that lighttpd authentication is required.

Restart the BWeb service:

service bweb restart

In case of problems, start BWeb with the script:

/opt/bweb/etc/starthttp

