Line 1: |
Line 1: |
| + | {{Level|Developer}} |
| =Generic Instructions for building a Web Application RPM= | | =Generic Instructions for building a Web Application RPM= |
| | | |
Line 233: |
Line 234: |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
| $OUT .= " require valid-user\n"; | | $OUT .= " require valid-user\n"; |
Line 248: |
Line 250: |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
| '''$OUT .= " require valid-user\n";''' | | '''$OUT .= " require valid-user\n";''' |
Line 258: |
Line 261: |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
| '''$OUT .= " require user admin pierre paul\n";''' | | '''$OUT .= " require user admin pierre paul\n";''' |
Line 272: |
Line 276: |
| chown root:www /usr/lib/httpd/modules/unixgroup | | chown root:www /usr/lib/httpd/modules/unixgroup |
| chmod 750 /usr/lib/httpd/modules/unixgroup | | chmod 750 /usr/lib/httpd/modules/unixgroup |
| + | |
| + | We need to create a new fragment<br /> |
| | | |
| nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth | | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| { | | { |
− | $OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n"; | + | $OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n"; |
− | $OUT .= " SetExternalGroupMethod ugroup environment\n"; | + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
| } | | } |
| | | |
Line 284: |
Line 290: |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthBasicProvider external\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
− | $OUT .= " GroupExternal ugroup\n"; | + | $OUT .= " GroupExternal unixgroup\n"; |
| $OUT .= " AuthzUserAuthoritative off\n"; | | $OUT .= " AuthzUserAuthoritative off\n"; |
| '''$OUT .= " require user admin pierre paul\n";''' | | '''$OUT .= " require user admin pierre paul\n";''' |
Line 308: |
Line 315: |
| chown root:www /usr/lib/httpd/modules/unixgroup | | chown root:www /usr/lib/httpd/modules/unixgroup |
| chmod 750 /usr/lib/httpd/modules/unixgroup | | chmod 750 /usr/lib/httpd/modules/unixgroup |
| + | We need to create a new fragment<br /> |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| + | { |
| + | $OUT .= " AddExternalGroup unixgroup /usr/lib/httpd/modules/unixgroup\n"; |
| + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
| + | } |
| + | |
| + | |
| + | Now you need to modify the 92foo template with these new lines <br /> |
| + | |
| + | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| + | |
| + | { |
| + | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " AuthType Basic\n"; |
| + | $OUT .= " AuthExternal pwauth\n"; |
| + | $OUT .= " GroupExternal unixgroup\n"; |
| + | $OUT .= " AuthzUserAuthoritative off\n"; |
| + | $OUT .= " require user $foo{'User'}\n"; |
| + | $OUT .= " require group $foo{'Group'}\n"; |
| + | $OUT .= " Satisfy $satisfy\n"; |
| + | } |
| + | |
| + | -change groups and users allowed by CL |
| + | |
| + | config setprop foo User "admin toto" |
| + | config setprop foo Group "famille virt" |
| + | then |
| + | signal-event console-save |
| + | |
| + | =====SME Server 9===== |
| + | The apache authentication is made by a new file named authnz_external_module instead of auth_external_module, therefore you need to slightly modify the code above. <br /> |
| + | If it is not done you can have this error in log file and you won't be authenticated |
| + | configuration error: couldn't check user. No user file?: |
| + | See this [http://code.google.com/p/mod-auth-external/wiki/ConfigApache22 howTo]. You need to verify if your /etc/httpd/conf/httpd.conf contain these lines |
| + | AddExternalGroup unixgroup /usr/bin/unixgroup |
| + | SetExternalGroupMethod unixgroup environment |
| + | |
| + | We are waiting the default use of authenticator unixgroup in sme9 (see [[bugzilla:8008]]). For now you need to make the relevant fragment template. |
| | | |
| nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth | | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/35-group-auth |
| { | | { |
− | $OUT .= " AddExternalGroup ugroup /usr/lib/httpd/modules/unixgroup\n"; | + | $OUT .= " AddExternalGroup unixgroup /usr/bin/unixgroup\n"; |
− | $OUT .= " SetExternalGroupMethod ugroup environment\n"; | + | $OUT .= " SetExternalGroupMethod unixgroup environment\n"; |
| } | | } |
− |
| + | |
| nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo | | nano /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92foo |
| | | |
| { | | { |
| $OUT .= " AuthName \"$name\"\n"; | | $OUT .= " AuthName \"$name\"\n"; |
| + | $OUT .= " '''AuthBasicProvider external'''\n"; |
| $OUT .= " AuthType Basic\n"; | | $OUT .= " AuthType Basic\n"; |
| $OUT .= " AuthExternal pwauth\n"; | | $OUT .= " AuthExternal pwauth\n"; |
− | $OUT .= " GroupExternal ugroup\n"; | + | $OUT .= " GroupExternal unixgroup\n"; |
| $OUT .= " AuthzUserAuthoritative off\n"; | | $OUT .= " AuthzUserAuthoritative off\n"; |
| $OUT .= " require user $foo{'User'}\n"; | | $OUT .= " require user $foo{'User'}\n"; |
Line 328: |
Line 375: |
| } | | } |
| | | |
− | -change groups and usersby CL | + | -change groups and users allowed by CL |
| | | |
| config setprop foo User "admin toto" | | config setprop foo User "admin toto" |
Line 363: |
Line 410: |
| | | |
| { | | { |
− | my $status = $roundcube{'status'} || "disabled"; | + | my $status = $foo{'status'} || "disabled"; |
− | return " # roundcube is disabled in this VirtualHost" | + | return " # foo is disabled in this VirtualHost" |
| unless $status eq 'enabled'; | | unless $status eq 'enabled'; |
| | | |
Line 524: |
Line 571: |
| global-pw => Entire Internet(password required) | | global-pw => Entire Internet(password required) |
| global-pw-remote => Entire Internet(password required outside local network) | | global-pw-remote => Entire Internet(password required outside local network) |
| + | |
| + | *change groups and users allowed by CL |
| + | |
| + | config setprop foo User "admin toto" |
| + | config setprop foo Group "famille virt" |
| + | then |
| + | signal-event console-save |
| | | |
| * To add a different URL eg. yourserver.net/foo | | * To add a different URL eg. yourserver.net/foo |