Xinet Active Directory Integration Support

Overview

You want to utilize Active Directory authentication within your Xinet environment. You want to verify whether your environment is compatible with the Xinet Active Directory integration.

 

Solution

Active development of the Apache AD modules necessary for the integration is limited. An updated AD module for use with RHEL/CentOS Linux 7 and Apache 2.4.6 has been made available and is attached to this article.

The steps below are provided as guidance for system administrators looking to integrate Active Directory with Xinet. However, newer versions of Xinet have not been tested or verified, and support is limited.

Note: Once this is completed, any local accounts will no longer appear in the WebNative Admin Portal. Only accounts from Active Directory will appear. Also, the “New Users” and “Delete Users” tabs will no longer be accessible under the “Users” tab. This is because all administration of users should be done on Active Directory.

 

Prerequisites

  • Xinet server joined to the Active Directory domain (e.g. realmd, Centrify).

 

Configuration

  1. Back up the "xinet" PAM file and overwrite it with the contents of "login":
    # cp /etc/pam.d/xinet /etc/pam.d/xinet.backup
    # cp /etc/pam.d/login /etc/pam.d/xinet
  2. Download and install Xinet.
  3. Download the appropriate legacy Xinet Apache module. (See Additional Resources below)
    1. Place the module within /etc/httpd/modules/
    2. Verify the permissions match that of the other modules.
  4. Edit /etc/httpd/conf/httpd.conf:
    1. Back up the file before continuing:
      # cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
    2. Add the following line to the LoadModule section:
      1. LoadModule auth_xinet_module "<full path to the module>"
      2. Example: LoadModule auth_xinet_module "/usr/lib64/httpd/modules/mod_auth_xinet2.so"
    3. Replace all instances of "AuthUserFile" with "XinetAuthUserFile":
      1. Search for this line:
        1. AuthUserFile /var/adm/webnative/apache.userfile
      2. Replace it with:
        1. XinetAuthUserFile /var/adm/webnative/apache.userfile
      3. Note: There should be 3 instances to replace.
  5. Restart Apache:
    # /usr/sbin/apachectl restart
    1. While Apache is loading module auth_xinet2.so, it may complain that it can’t find library ‘libldap.so.2’. Usually, that library is in the /usr/lib directory. If the library is not there, make a symbolic link to the latest libldap version and restart Apache again.
      1. For example, if the latest LDAP library is libldap-2.3.so.0.2.15:
        # cd /usr/lib
        # ln -s libldap-2.3.so.0.2.15 libldap.so.2
  6. Create a system.userlist file:
    1. In order for WebNative to pull the user information from Active Directory, you will need to create a blank file named system.userlist by running this command in the terminal:
      # touch /usr/etc/webnative/system.userlist
    2. Upon logging into the WebNative Admin portal, your AD users should appear in the Users list.

Note: To enable the use of "Short Names" for login with Samba, add the following line to /etc/samba/smb.conf: "winbind use default domain = true"
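
The following is an added example, not part of the vendor's procedure or code: a shell sketch of steps 3.2 and 4 that renames only active AuthUserFile directives, so a second run is harmless, and then checks the result against the three instances this article expects. The function names are hypothetical, and the module used for the permission comparison is whichever stock module you pass in.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Try it on a copy of httpd.conf first.
# Usage: convert_authuserfile <httpd.conf>
#        audit_xinet_auth <httpd.conf> <stock module to compare against>

# Step 4.3: rename only active AuthUserFile directives. Anchoring on the start
# of the line keeps a second run from producing XinetXinetAuthUserFile and
# leaves commented-out lines alone.
convert_authuserfile() {
    local conf=$1 tmp rc
    [ -f "$conf.bak" ] || cp -p "$conf" "$conf.bak"   # never clobber the first backup
    tmp=$(mktemp) || return 1
    sed -E 's/^([[:space:]]*)AuthUserFile([[:space:]])/\1XinetAuthUserFile\2/' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"      # in place: owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Count active (uncommented) uses of exactly this directive name.
count_directive() {
    grep -cE "^[[:space:]]*$2[[:space:]]" "$1" || true
}

# Mode string, uid and gid of a file, for the step 3.2 comparison.
perm_sig() { ls -lnd "$1" | awk '{print $1, $3, $4}'; }

audit_xinet_auth() {
    local conf=$1 ref=$2 mod rc=0
    [ "$(count_directive "$conf" AuthUserFile)" -eq 0 ] ||
        { echo "unconverted AuthUserFile directives remain" >&2; rc=1; }
    # The article expects three instances in the stock configuration.
    [ "$(count_directive "$conf" XinetAuthUserFile)" -eq 3 ] ||
        { echo "expected 3 XinetAuthUserFile directives" >&2; rc=1; }
    mod=$(awk '$1 == "LoadModule" && $2 == "auth_xinet_module" {
                   gsub(/"/, "", $3); print $3; exit }' "$conf")
    if [ -z "$mod" ] || [ ! -f "$mod" ]; then
        echo "LoadModule auth_xinet_module missing or module not found" >&2; rc=1
    elif [ "$(perm_sig "$mod")" != "$(perm_sig "$ref")" ]; then
        echo "mode/owner of $mod differs from $ref" >&2; rc=1
    fi
    return $rc
}
```

A plain search for "AuthUserFile" also matches lines that were already converted, which is why both the rename and the count anchor on the start of the directive.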

 

Additional Resources

The Legacy Team originally provided these details within Tech Note 218 for Xinet 17 or earlier. You can access these directly by logging into the Xinet Reseller Portal and selecting Tech Notes for additional details.

Legacy Configuration Guides

Please contact your Account Manager directly with any inquiries relating to future development plans.

mod_auth_xinet2.so.zip (19 KB)

Priyanka Bhotika