forked from camptocamp/puppet-apache_c2c
-
Notifications
You must be signed in to change notification settings - Fork 1
/
README
78 lines (58 loc) · 2.1 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Types
#####
# Authentication, Authorization and Access Control
Definitions related to the apache authentication should always be in the form :
apache::auth::type::provider::authorization
To be consistent with the three types of Apache modules involved in the
authentication and authorization process :
http://httpd.apache.org/docs/2.2/howto/auth.html
The main advantages of this new way to manage authentication are the possibility
of sharing resources between virtual hosts and access restrictions
######################################
## Simple Basic File Authentication ##
######################################
Example:
1. create one or more users :
apache::auth::htpasswd {"user1 in /a/path/htpasswd":
ensure => present,
userFileLocation => "/srv/a/path",
userFileName => "htpasswd",
username => "user1",
clearPassword => "user1", # use encryption in definition
}
apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":
ensure => present,
vhost => "camptocamp.com"
username => "user2",
cryptPassword => 'kdrY191UyPY3E', # (htpasswd -ndb user2 user2)
}
2. create one or more groups :
apache::auth::htgroup {"group1 in /var/www/camptocamp.com/private/htgroup":
ensure => present,
groupname => "group1",
members => "user1 user2",
}
3. restrict access to a location with these users our groups
apache::auth::basic::file::group {"group1-webdav1":
vhost => "camptocamp.com",
location => "/webdav1",
groups => "group1",
}
apache::auth::basic::file::user {"user1-on-webdav2":
vhost => "camptocamp.com",
location => "/webdav2",
authUserFile => "/srv/dav0/htpasswd",
users => "user1", # it not defined -> 'valid-user'
}
###############################
## Basic LDAP Authentication ##
###############################
Example:
apache::auth::basic::ldap {"collectd":
vhost => $fqdn,
location => "/collection3",
authLDAPUrl => 'ldap://ldap.foobar.ch/c=ch?uid??',
authLDAPGroupAttribute => "memberUid",
authLDAPGroupAttributeIsDN => "off",
authzRequire => "ldap-group ou=foo,ou=bar,o=entreprises,c=ch",
}