If your organization has Active Directory and Apache deployed, one way to reduce logins is to integrate the two by having HTTP authentication on Apache use Active Directory.

There are several Apache modules that support authentication to an LDAP store, and with the release of Apache 2.0, it is supported natively with the mod_auth_ldap module. The documentation for mod_auth_ldap can be found at the following site: http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html.

The mod_auth_ldap module works in the following way:

If you are still running Apache 1.x, the auth_ldap module is widely used and works in much the same way as mod_auth_ldap. For more information, visit the following site: http://www.rudedog.org/auth_ldap/.

The mod_auth_ldap module isn’t ideal from an Active Directory perspective. Typically, the second step (search for the user’s DN) is completely unnecessary. If you have been configuring a user principal name (UPN) for all of your users, the search could be eliminated by attempting to authenticate the user with its UPN instead of the DN. Active Directory supports binding with either. That means mod_auth_ldap could instead just take the user name entered in the user name/password ...