Version 5 (modified by Scott Wales, 8 years ago)

Web Authentication

Note: LDAP authentication uses HTTP Basic auth, so passwords are NOT ENCRYPTED by default. Make sure you set up SSL.

To enable authentication against NCI's LDAP directory on an Apache server, add a config section like:

<Location />
    Deny from all
    Satisfy any

    AuthType            Basic
    AuthBasicProvider   ldap
    AuthLDAPURL         "ldaps://sfldap0.anu.edu.au/ou=People,dc=apac,dc=edu,dc=au"
    AuthName            "Please enter your NCI credentials"
    require             valid-user
</Location>

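You will also need to turn off LDAP certificate verification by adding the following to httpd.conf. With verification off, the connection to the LDAP server is still encrypted, but the server's certificate is not checked.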

LDAPVerifyServerCert Off

A sample setup that loads all of the required modules using the puppetlabs/apache class:

class roles::webserver {
  include apache

  # ...

  # Required for LDAP authentication
  include apache::mod::auth_basic
  apache::mod{'authz_user':}
  apache::mod{'authz_default':}
  class {'apache::mod::authnz_ldap':
    verifyServerCert => false,
  }

}