Puppet_Web_Web Auth - ACCESS-NRI/accessdev-Trac-archive GitHub Wiki

Web Authentication

Note: LDAP authentication here uses HTTP Basic auth, so passwords are NOT ENCRYPTED (only base64-encoded) between the browser and the web server by default. Make sure you set up Puppet/Web/HTTPS for anything that deals with passwords (preferably all pages).

To enable authentication using NCI's LDAP directory for an Apache server, add a config section like:

<Location />
    Order allow,deny
    Allow from all
    Satisfy all

    AuthType            Basic
    AuthBasicProvider   ldap
    AuthLDAPURL         "ldaps://sfldap0.anu.edu.au/ou=People,dc=apac,dc=edu,dc=au"
    AuthName            "Please enter your NCI credentials"
    require             valid-user
</Location>

To restrict access to a specific group use 'require ldap-group' with the full LDAP group ID:

<Location />
    Order allow,deny
    Allow from all
    Satisfy all

    AuthType                   Basic
    AuthBasicProvider          ldap
    AuthLDAPURL                "ldaps://sfldap0.anu.edu.au/ou=People,dc=apac,dc=edu,dc=au?uid"
    AuthName                   "Please enter your NCI credentials"
    Require                    ldap-group cn=access,ou=Group,dc=apac,dc=edu,dc=au
    AuthLDAPGroupAttribute     memberUid
    AuthLDAPGroupAttributeIsDN off

</Location>

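You will also need to turn off LDAP certificate verification by adding the line below to httpd.conf. With verification off, the ldaps:// connection is still encrypted, but Apache does not check that the certificate belongs to the real LDAP server: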

LDAPVerifyServerCert Off
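A small config audit for the two risks this page raises (Basic auth passwords crossing plain HTTP, and `LDAPVerifyServerCert Off`), added here as an example and not part of the original wiki page. `SAMPLE_CONF`, its port-80 virtual host and the `audit` function are constructed for illustration; the check reads a single file and does not follow `Include` directives.

```python
# Added example; SAMPLE_CONF is constructed (hypothetical port-80 virtual host).
SAMPLE_CONF = """\
LDAPVerifyServerCert Off
<VirtualHost *:80>
  <Location />
    AuthType            Basic
    AuthBasicProvider   ldap
    AuthLDAPURL         "ldaps://sfldap0.anu.edu.au/ou=People,dc=apac,dc=edu,dc=au"
    require             valid-user
  </Location>
</VirtualHost>
"""

def audit(conf_text):
    """Return sorted (line_number, finding) pairs for one Apache config file."""
    findings = []
    scopes = [{"tls": False, "basic": []}]  # scopes[0] is the global server config
    def close_scope():
        scope = scopes.pop()
        if scope["tls"]:
            return  # SSLEngine on / SSLRequireSSL covers Basic auth in this scope
        if scopes:
            scopes[-1]["basic"] += scope["basic"]  # an outer scope may be TLS-only
        else:
            findings.extend((n, "Basic auth over plain HTTP") for n in scope["basic"])
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip().lower()  # directive names are case-insensitive
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if len(scopes) > 1:  # ignore a stray closing tag at top level
                close_scope()
        elif line.startswith("<"):
            scopes.append({"tls": False, "basic": []})
        else:
            name, *args = line.replace('"', " ").split()
            if name == "authtype" and args[:1] == ["basic"]:
                scopes[-1]["basic"].append(n)
            elif name == "sslrequiressl" or (name, args[:1]) == ("sslengine", ["on"]):
                scopes[-1]["tls"] = True
            elif (name, args[:1]) == ("ldapverifyservercert", ["off"]):
                findings.append((n, "LDAP server certificate is not verified"))
    while scopes:  # unwind unclosed sections, then judge the global scope
        close_scope()
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```

A `<Location>` that sets `AuthType Basic` is reported unless it, or a section enclosing it, carries `SSLRequireSSL` or `SSLEngine on`.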

A sample setup with all of the required modules, using the puppetlabs/apache class:

class roles::webserver {
  include apache

  # ...

  # Required for LDAP authentication
  include apache::mod::auth_basic
  apache::mod{'authz_user':}
  apache::mod{'authz_default':}
  class {'apache::mod::authnz_ldap':
    verifyServerCert => false,
  }

}