# Sample Apache configuration file for GestioIP with authentication
# against an Microsoft AD (Active Directory)
# NOTE: This is pure Apache. There are many examples of
# apache configurations which work with AD. So if it doesn't
# work after the first try search WWW or apache mailing lists
# for solution. E.g. search for "apache authentication active directory"
AddHandler cgi-script .cgi
AddDefaultCharset utf8
AllowOverride None
DirectoryIndex index.cgi
Options ExecCGI
# AuthType Basic
# AuthName GestioIP
# AuthUserFile /etc/apache2/users-gestioip
# Require user gipoper
# Require user gipadmin
Order allow,deny
Allow from all
# Allow from .domain.org 192.168.
# you need some valid AD account to search through AD
# you can create a account with minimal rights or use
# any other valid AD account
AuthLDAPBindDN "some_account@domain.org"
AuthLDAPBindPassword "xxxxxxxx"
# search user
# If DN of AD accounts looks like this:
# CN=Bugs Bunny,OU=IT Stuff,OU=CarrotInc,DC=domain,DC=org
AuthLDAPURL "ldap://ldap.domain.org/ou=CarrotInc,dc=domian,dc=org?sAMAccountName?sub?(objectClass=*)"
AuthType Basic
AuthName "GestioIP - Authentication with AD account"
AuthBasicProvider ldap
require ldap-user ro-user1
require ldap-user ro-user2
require ldap-user rw-user1
require ldap-user rw-user2
# Require ldap-group CN=Networking,OU=IT Stuff,OU=CarrotInc,DC=domain,DC=org
# uncomment next line if you get error "(9)Bad file descriptor: Could not open password file: (null)"
# AuthUserFile /dev/null
ErrorDocument 401 /gestioip/errors/error401.html
ErrorDocument 403 /gestioip/errors/error403.html
ErrorDocument 404 /gestioip/errors/error404.html
ErrorDocument 500 /gestioip/errors/error500.html
AddHandler cgi-script .cgi
AddDefaultCharset utf8
AllowOverride None
Options ExecCGI
# AuthType Basic
# AuthName GestioIP
# AuthUserFile /etc/apache2/users-gestioip
# Require user gipadmin
Order allow,deny
Allow from all
# Allow from .domain.org 192.168.
AuthLDAPBindDN "some_account@domain.org"
AuthLDAPBindPassword "xxxxxxxx"
AuthLDAPURL "ldap://ldap.domain.org/ou=CarrotInc,dc=domian,dc=org?sAMAccountName?sub?(objectClass=*)"
AuthType Basic
AuthName "GestioIP - Authentication with AD account"
AuthBasicProvider ldap
require ldap-user rw-user1
require ldap-user rw-user2
# Require ldap-group CN=Networking,OU=IT Stuff,OU=CarrotInc,DC=domain,DC=org
# uncomment next line if you get error "(9)Bad file descriptor: Could not open password file: (null)"
# AuthUserFile /dev/null
ErrorDocument 401 /gestioip/errors/error401.html
ErrorDocument 403 /gestioip/errors/error403.html
ErrorDocument 404 /gestioip/errors/error404.html
ErrorDocument 500 /gestioip/errors/error500.html
AddDefaultCharset utf8
AllowOverride None
Order deny,allow
Deny from all
ErrorDocument 401 /gestioip/errors/error401.html
ErrorDocument 403 /gestioip/errors/error403.html
ErrorDocument 404 /gestioip/errors/error404.html
ErrorDocument 500 /gestioip/errors/error500.html
AddDefaultCharset utf8
AllowOverride None
Order deny,allow
Deny from all
ErrorDocument 401 /gestioip/errors/error401.html
ErrorDocument 403 /gestioip/errors/error403.html
ErrorDocument 404 /gestioip/errors/error404.html
ErrorDocument 500 /gestioip/errors/error500.html
AddDefaultCharset utf8
AllowOverride None
Satisfy any
Allow from all
ErrorDocument 401 /gestioip/errors/error401.html
ErrorDocument 403 /gestioip/errors/error403.html
ErrorDocument 404 /gestioip/errors/error404.html
ErrorDocument 500 /gestioip/errors/error500.html