2015-06-12 1 views
0

Apache web server - bypassing LDAP authentication from inside the network

I have the configuration below so that users on our company network can reach the site without a user ID or password.

<Location />
    Require valid-user
    Order allow,deny
    Allow from 1XX.2XX.0.0/16
    Allow from 10.0.0.0/8
    Allow from 127.0.0.1
    # Satisfy Any (Apache 2.2 semantics): either the client address matches
    # an Allow line, or the user must authenticate
    Satisfy Any

    AuthType Basic
    AuthName "Enter your ID and password"
    AuthBasicProvider ldap
    Include /abc/httpd/conf/ldap_userinfo.conf

    AuthLDAPGroupAttribute member

    ### Add application ldap-user/ldap-group below ###
    # Note: with "Require valid-user" also present above, either Require line
    # suffices, so any authenticated directory account passes regardless of group
    Require ldap-group CN=AP-ABC-PREVIEWSITE-USERS,OU=GROUPS,OU=ABC INFRASTRUCTURE,DC=i,DC=abc,DC=com
    ErrorDocument 401 "Please use correct id and password for access to this site"

</Location>

After adding this, users see a prompt for a user ID and password, but they can click Cancel and still get access to the site. How can I suppress the prompt?

Answer

0
FOR VERIFICATION:
Some of our webservers are behind firewalls that require the LDAP port to be opened. By default, the Active Directory LDAP service listens on TCP port 389.

[email protected]:~> telnet 192.168.100.2 389
Trying 192.168.100.2...
Connected to 192.168.100.2.
Escape character is '^]'.
^CConnection closed by foreign host.
[email protected]:~>

To enable LDAP authentication:
[email protected]:/home/fm # vi /etc/apache2/vhosts/myvirtualhost.conf
....
<Directory "/srv/www/ssl-root/restricted-directory">
    # Basic authentication with LDAP against MS AD
    AuthType Basic
    AuthBasicProvider ldap

    # AuthLDAPURL specifies the LDAP server IP, port, base DN, scope and filter
    # using this format: ldap://host:port/basedn?attribute?scope?filter
    # Two space-separated hosts give mod_ldap a failover list; "NONE" means
    # no TLS, so the bind password and user credentials travel in clear text
    # on this path. Use ldaps:// or "TLS" where the directory supports it.
    AuthLDAPURL "ldap://192.168.100.1:389 192.168.100.2:389/DC=frank4dd,DC=com?sAMAccountName?sub?(objectClass=user)" NONE

    # The LDAP bind username and password (keep this file readable by root
    # and the httpd user only, since the password is stored in plain text)
    AuthLDAPBindDN "[email protected]"
    AuthLDAPBindPassword "ldaps3cUr3!"

    # we want to allow authentication only through LDAP, no fallback
    # (AuthzLDAPAuthoritative is an Apache 2.2 directive; 2.4 removed it and
    # expresses the same thing with RequireAll/RequireAny containers)
    AuthzLDAPAuthoritative on
    AuthUserFile /dev/null
    # The name of this authentication realm
    AuthName "Restricted Dir [Domain Account]"
    # To authenticate single domain users, list them here
    #require ldap-user frank4dd
    # to authenticate a domain group, specify the full DN
    AuthLDAPGroupAttributeIsDN on
    require ldap-group CN=acl_secure_exchange,OU=Global Groups,OU=User,DC=frank4dd,DC=com
    ...
</Directory>

For configuration:
[email protected]:/home/fm # vi /etc/apache2/httpd.conf.local
...
# Enable the LDAP connection pool and shared
# memory cache. Enable the LDAP cache status
# handler. Requires mod_ldap and mod_authnz_ldap
# to be loaded.

LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
# Wait x seconds before trying the next LDAP server in our list
LDAPConnectionTimeout 5

<Location /ldap-status>
    SetHandler ldap-status
    Order deny,allow
    Deny from all
    # restrict access only to mgt systems
    Allow from localhost 127.0.0.1 192.168.1
</Location>
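The question asks how to let internal clients through without a credential prompt while still requiring LDAP group membership from everyone else. The question's block uses the Apache 2.2 host-access directives (Order, Allow from, Satisfy), which on 2.4 are provided by mod_access_compat and which the 2.4 documentation discourages mixing with Require. The block below is an added example, not code from the question or the answer: it expresses the same policy with Apache 2.4's RequireAny container. Apache 2.4 evaluates the Require tree once before attempting authentication, with no user set; a matching "Require ip" already grants at that point, so internal clients never receive a 401 and never see the prompt, while everyone else gets the Basic challenge and must be in the group. The LDAP URL, bind DN and password are placeholders (assumptions, not values from the page); the group DN and the 10.0.0.0/8 range are taken from the question.

```apache
# Added example, not code from the question or the answer above.
# Same policy as the question's <Location /> block, written for Apache 2.4
# (mod_authz_core, mod_authz_host, mod_authnz_ldap), where RequireAny
# replaces "Satisfy Any". Placeholders: LDAP host/base DN, bind DN, password.
<Location />
    AuthType Basic
    AuthName "Enter your ID and password"
    AuthBasicProvider ldap

    # ldaps:// so the bind password and user credentials are not sent in clear
    # (placeholder host and base DN)
    AuthLDAPURL "ldaps://ldap.example.com/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"
    AuthLDAPBindDN "CN=svc-httpd,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "placeholder-change-me"

    # AD stores group membership in the group's "member" attribute as DNs
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Evaluated once with no user before authentication runs: "Require ip"
    # can grant on its own, so internal clients are never challenged.
    # Anyone else must authenticate and be a member of the group.
    <RequireAny>
        Require ip 10.0.0.0/8 127.0.0.1
        # the company's /16 from the question is added here the same way
        Require ldap-group CN=AP-ABC-PREVIEWSITE-USERS,OU=GROUPS,OU=ABC INFRASTRUCTURE,DC=i,DC=abc,DC=com
    </RequireAny>

    # Deliberately no "Require valid-user": next to "Require ldap-group" it
    # would admit any authenticated directory account, member or not.

    ErrorDocument 401 "Please use correct id and password for access to this site"
</Location>

# If httpd sits behind a reverse proxy or load balancer, "Require ip" sees the
# proxy's address rather than the user's. Trust the forwarded header only
# from the proxy itself (placeholder proxy address):
# RemoteIPHeader X-Forwarded-For
# RemoteIPInternalProxy 192.0.2.10
```

Before relying on it, confirm the modules with `apachectl -M` (authz_host_module, authnz_ldap_module and ldap_module must be loaded, and access_compat_module is not needed for this form), run `apachectl configtest`, and check both paths with `curl -sI http://host/`: a request from an address inside the Require ip ranges should return 200 with no WWW-Authenticate header, a request from outside should return 401 with one. For the ldaps:// URL to be verified, mod_ldap needs the directory's CA configured globally with LDAPTrustedGlobalCert; LDAPVerifyServerCert is on by default. If the server is still Apache 2.2, the question's Satisfy Any form is the supported way to write this, and an Allow from match grants access there without invoking authentication at all.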
