camptocamp / puppet-apache
watch download tarball
public
Forks3Right
Watchers9Right
Description:
Homepage:
Clone URL: git://github.com/camptocamp/puppet-apache.git 
changed "absent" behaviour
Cedric Jeanneret (author)
Tue Nov 24 02:13:37 -0800 2009
mfournier (committer)
Wed Nov 25 04:51:03 -0800 2009
commit  e310e4b132ae8a7d0352a9c03d2213554ff7bc5d
tree    9e3f06ed25b57948a8210bad2240b47e79eac8d2
parent  92c290fd0415b08d82d7bd9af693751ae3e28671
name age
history
message
file README Tue Aug 11 06:56:07 -0700 2009 changed crypted only if different [mbornoz]
directory files/ Mon Oct 19 04:58:21 -0700 2009 apache: generate-ssl-cert.sh now accepts cert v... [mfournier]
directory manifests/ Wed Nov 25 04:51:03 -0800 2009 changed "absent" behaviour ensure => absent no... [Cedric Jeanneret]
directory templates/ Fri Oct 23 05:14:10 -0700 2009 apache::auth::basic::ldap: added support for mu... [Cedric Jeanneret]
README
Types
#####

# Authentication, Authorization and Access Control

Definitions related to the apache authentication should always be in the form :

apache::auth::type::provider::authorization

To be consistent with the three types of Apache modules involved in the 
authentication and authorization process :
http://httpd.apache.org/docs/2.2/howto/auth.html

The main advantages of this new way to manage authentication are the possibility 
of sharing resources between virtual hosts and access restrictions

######################################
## Simple Basic File Authentication ##
######################################

Example:

1. create one or more users :

   apache::auth::htpasswd {"user1 in /a/path/htpasswd":
    ensure => present,
    userFileLocation => "/srv/a/path",
    userFileName => "htpasswd",
    username => "user1",
    clearPassword => "user1", # use encryption in definition
  }

  apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":
    ensure => present,
    vhost => "camptocamp.com"
    username => "user2",
    cryptPassword => 'kdrY191UyPY3E', # (htpasswd -ndb user2 user2)
  }
 
2. create one or more groups :

  apache::auth::htgroup {"group1 in /var/www/camptocamp.com/private/htgroup":
    ensure => present,
    groupname => "group1",
    members => "user1 user2",
  }

3. restrict access to a location with these users our groups

  apache::auth::basic::file::group {"group1-webdav1":
    vhost => "camptocamp.com",
    location => "/webdav1",
    groups => "group1",
  }

  apache::auth::basic::file::user {"user1-on-webdav2":
    vhost => "camptocamp.com",
    location => "/webdav2",
    authUserFile => "/srv/dav0/htpasswd",
    users => "user1", # it not defined -> 'valid-user'
  }

###############################
## Basic LDAP Authentication ##
###############################

Example:

apache::auth::basic::ldap {"collectd":
  vhost => $fqdn,
  location => "/collection3",
  authLDAPUrl => 'ldap://ldap.foobar.ch/c=ch?uid??',
  authLDAPGroupAttribute => "memberUid",
  authLDAPGroupAttributeIsDN => "off",
  authzRequire => "ldap-group ou=foo,ou=bar,o=entreprises,c=ch",
}