Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/camptocamp/puppet-apache_c2c

Last synced: 8 days ago
JSON representation

Host: GitHub
URL: https://github.com/camptocamp/puppet-apache_c2c
Owner: camptocamp
Created: 2008-12-03T16:34:48.000Z (almost 16 years ago)
Default Branch: master
Last Pushed: 2018-09-07T12:36:43.000Z (about 6 years ago)
Last Synced: 2024-08-02T14:09:22.872Z (3 months ago)
Language: HTML
Homepage:
Size: 991 KB
Stars: 68
Watchers: 16
Forks: 53
Open Issues: 1
Metadata Files:
- Readme: README

Awesome Lists containing this project

README

        This module requires stdlib for validate_re support.

Types

#####

# Authentication, Authorization and Access Control

Definitions related to the apache authentication should always be in the form :

apache::auth::type::provider::authorization

To be consistent with the three types of Apache modules involved in the 

authentication and authorization process :

http://httpd.apache.org/docs/2.2/howto/auth.html

The main advantages of this new way to manage authentication are the possibility 

of sharing resources between virtual hosts and access restrictions

######################################

## Simple Basic File Authentication ##

######################################

Example:

1. create one or more users :

   apache::auth::htpasswd {"user1 in /a/path/htpasswd":

    ensure => present,

    user_file_location => "/srv/a/path",

    user_file_name => "htpasswd",

    username => "user1",

    clearPassword => "user1", # use encryption in definition

  }

  apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":

    ensure => present,

    vhost => "camptocamp.com"

    username => "user2",

    crypt_password => 'kdrY191UyPY3E', # (htpasswd -ndb user2 user2)

  }

 

2. create one or more groups :

  apache::auth::htgroup {"group1 in /var/www/camptocamp.com/private/htgroup":

    ensure => present,

    groupname => "group1",

    members => "user1 user2",

  }

3. restrict access to a location with these users our groups

  apache::auth::basic::file::group {"group1-webdav1":

    vhost => "camptocamp.com",

    location => "/webdav1",

    groups => "group1",

  }

  apache::auth::basic::file::user {"user1-on-webdav2":

    vhost => "camptocamp.com",

    location => "/webdav2",

    auth_user_file => "/srv/dav0/htpasswd",

    users => "user1", # it not defined -> 'valid-user'

  }

###############################

## Basic LDAP Authentication ##

###############################

Example:

apache::auth::basic::ldap {"collectd":

  vhost => $fqdn,

  location => "/collection3",

  auth_ldap_url => 'ldap://ldap.foobar.ch/c=ch?uid??',

  auth_ldap_group_attribute => "memberUid",

  auth_ldap_group_attribute_is_dn => "off",

  authz_require => "ldap-group ou=foo,ou=bar,o=entreprises,c=ch",

}