Changes

From Amahi Wiki
2,148 bytes added ,  15:16, 10 May 2010
</div>
Replace '''uid=some_user''' with the Linux username you want to modify.
 
==Control a web-application access using LDAP==
The procedure below will allow you to use Linux user accounts to allow or deny access to specific web-applications.<br/>
Note that this level of authentication '''will not replace''' the web-app login, if any (there are exceptions). It will prevent or allow specific users to reach the web-app homepage.
 
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
cat > give_webapp_access.ldif <<'EOF'<br/>
dn: uid=some_user,ou=People,dc=home,dc=com<br/>
changetype: modify<br/>
add: authorizedService<br/>
authorizedService: webapp-some_name<br/>
EOF<br/>
ldapadd -h localhost -D "cn=root,$SUFFIX" -w admin -x -f give_webapp_access.ldif
</div>
Replace '''uid=some_user''' with the Linux username you want to modify, and '''some_name''' with the name of the web-app you want to protect (for example, ''authorizedService: webapp-bookmarks'').
 
You'll also need to modify the httpd conf for the web-app you want to protect.<br/>
You'll find it in ''/etc/httpd/conf.d/xxxx-web_app_name.conf''<br/>
In this file, remove the following two lines:
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
Order allow,deny<br/>
Allow from all
</div>
 
And replace them with these lines:
 
<div style="text-align: left; border: 1px solid #A3B1BF; padding: .5em 1em; color: #000; background-color: #E6F2FF; margin: 3px 3px 1em 3px;">
Deny from all<br/>
Order deny,allow<br/>
AllowOverride None<br/>
AuthType Basic<br/>
AuthName LDAP<br/>
AuthBasicAuthoritative off<br/>
AuthBasicProvider ldap<br/>
AuthzLDAPAuthoritative on<br/>
AuthLDAPURL ldap://127.0.0.1/dc=home,dc=com?uid?sub?(authorizedService=webapp-some_name)<br/>
require valid-user<br/>
satisfy any<br/>
AuthLDAPBindDN "cn=root,dc=home,dc=com"<br/>
AuthLDAPBindPassword "admin"
</div>
Replace '''some_name''' with the name of the web-app you want to protect (for example, ''authorizedService: webapp-bookmarks''). Make sure to use the same string as you used in ''give_webapp_access.ldif'' above.
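
The two edits above only work together if the string in the ''AuthLDAPURL'' filter is exactly the one granted in ''give_webapp_access.ldif'', and if the old ''Allow from all'' line is really gone. The script below is an added example, not part of the original wiki page: it checks both offline, and the function name <code>check_webapp_acl</code>, its exit codes and the sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page). Function name and exit codes are
# this example's own: 0 ok, 1 string mismatch, 2 line missing, 3 leftover Allow.
check_webapp_acl() {
    ldif=$1 conf=$2
    # Values granted by the LDIF ("authorizedService: webapp-xxx"), trimmed.
    granted=$(sed -n -e 's/[[:space:]]*$//' \
                     -e 's/^authorizedService:[[:space:]]*//p' "$ldif")
    # Value the AuthLDAPURL filter requires: (authorizedService=webapp-xxx)
    required=$(sed -n \
        's/^[[:space:]]*AuthLDAPURL.*(authorizedService=\([^)]*\)).*/\1/p' "$conf")
    if [ -z "$granted" ] || [ -z "$required" ]; then
        echo "missing authorizedService in LDIF or in AuthLDAPURL filter" >&2
        return 2
    fi
    # Whole-line fixed-string match: webapp-book must not pass for webapp-bookmarks.
    if ! printf '%s\n' "$granted" | grep -Fxq -- "$required"; then
        echo "mismatch: conf requires '$required', LDIF grants '$granted'" >&2
        return 1
    fi
    # Under "Order deny,allow" an Allow overrides "Deny from all"; combined with
    # "Satisfy any" the host check alone would then admit every client.
    if grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all' "$conf"; then
        echo "leftover 'Allow from all' in $conf" >&2
        return 3
    fi
    return 0
}

# Constructed sample files (values follow the page's bookmarks example).
demo_dir=$(mktemp -d)
cat > "$demo_dir/give_webapp_access.ldif" <<'EOF'
dn: uid=some_user,ou=People,dc=home,dc=com
changetype: modify
add: authorizedService
authorizedService: webapp-bookmarks
EOF
cat > "$demo_dir/webapp.conf" <<'EOF'
Deny from all
Order deny,allow
AuthLDAPURL ldap://127.0.0.1/dc=home,dc=com?uid?sub?(authorizedService=webapp-bookmarks)
require valid-user
satisfy any
EOF
check_webapp_acl "$demo_dir/give_webapp_access.ldif" "$demo_dir/webapp.conf" \
    && echo "OK: filter and LDIF agree"
```

To check a real setup, call the function with your own ''give_webapp_access.ldif'' and the web-app's file under ''/etc/httpd/conf.d/''.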