Notes:

• This is using X-Forwarded-For, cause it comes from a reverse proxy
• Use 'Satisfy all' for network AND auth acls

  # Ignore certificate issues
  LDAPVerifyServerCert off

  <Location /protected/>
        # Match the regex, which is currently these subnets:
        #  192.168.0.50  (PC for testing)
        #  123.45.67.    (Network to allow)
        SetEnvIf X-Forwarded-For ^(10\.65\.136\.80|129\.78\.77\.) acl
        Order allow,deny
        Allow from env=acl
        Satisfy any

        # If we don't match the above, ask for Unikey
        Require valid-user
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Protected Realm"
        AuthLDAPURL "ldaps://ldapserver/OU=People,DC=newioit,DC=com,DC=au?cn?sub?(objectClass=*)" SSL
        AuthLDAPBindDN "cn=linuxbind,ou=services,DC=newioit,DC=com,DC=au"
        AuthLDAPBindPassword "supasecret"
        AuthzLDAPAuthoritative off
  </Location>

Notes:

• Make sure to use the GC port 3268. LDAP port 389 seems to bork for some reason
• The NONE on the end of AuthLDAPURL means use no encryption

<Location />
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "Some Realm"
  AuthLDAPURL "ldap://adserver:3268/DC=newioit,DC=com,DC=au?sAMAccountName?sub?(objectClass=*)" NONE
  AuthLDAPBindDN "CN=LDAPUser,OU=Users,DC=newioit,DC=com,DC=au"
  AuthLDAPBindPassword "xxxxxxxx"
  require valid-user
</Location>

Requires http-devel (apxs), libxml2 and libxml2-devel

cd /usr/src
unzip mod_proxy_html.zip
cd mod_proxy_html
ln -s /usr/include/libxml2/libxml/ /usr/include/libxm
apxs -I. -i -c mod_proxy_html.c

yum install httpd mod_ssl openssl crypto-utils
genkey ee-app-pro-01.ucc.usyd.edu.au
#Keys get stored in
#/etc/pki/tls/private/ee-app-pro-01.ucc.usyd.edu.au.key             
#/etc/pki/tls/certs/ee-app-pro-01.ucc.usyd.edu.au.cert