Changes

Jump to navigation Jump to search
1,811 bytes added ,  11:21, 31 January 2011
m
no edit summary
Line 83: Line 83:  
=== Domain Name change ===
 
=== Domain Name change ===
 
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
 
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
 +
 +
=== How-to protect applications ===
 +
Here's quick guide on how to protect an web application with LemonLDAP::NG on SME Server:
 +
 +
* First, you can install your application (for example in /opt/myapp)
 +
* Now, you need to create a custom template to make this application available from the web. LemonLDAP::NG uses VirtualHosts to protect different application, so it's recommanded to not create alias on the primary domain in your custom-template. A dedicated virtualhost will be created later to access the application. Here's a example of custom-template:
 +
 +
# MyApp configuration
 +
 +
<Directory /opt/kplaylist>
 +
    AllowOverride None
 +
    SSLRequireSSL on
 +
    AddType application/x-httpd-php .php
 +
    php_admin_value open_basedir /opt/myapp:/tmp
 +
    order deny,allow
 +
    deny from all
 +
    allow from {"$localAccess $externalSSLAccess";}
 +
    Satisfy all
 +
</Directory>
 +
 +
Ok, now the application is ready to be served, but is not accessible yet (because there's no alias to make this application accessible).
 +
 +
* Create a domain for this application
 +
 +
db domains set myapp.domain.tld domain Content Primary \
 +
Description 'My App' DocumentRoot /opt/myapp LemonLDAP enabled \
 +
Nameservers internet TemplatePath WebAppVirtualHost
 +
 +
 +
It's important to set TemplatePath to WebAppVirtualHost. Those templates are provided by smeserver-webapps-common package (automatically installed, as it's need by LemonLDAP). Those templates make it easy to protect any virtualhost by LemonLDAP::NG
 +
 +
* Ok, now your application is available from this addresse https://myapp.domain.tld/ but you'll get a access denied if you try to access it now. The last steop is to declare myapp.domain.tld in LemonLDAP::NG. This is done using the configuration manager (https://sso-manager.domain.tld). You can then set the access rules you want.
    
=== Troubleshoot ===
 
=== Troubleshoot ===

Navigation menu