No description or website provided.
HTML Puppet Ruby Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
files
manifests
spec
templates
.fixtures.yml
.gitignore
.puppet-lint.rc
.travis.yml
Gemfile
README
Rakefile
metadata.json

README

This module requires stdlib for validate_re support.

Types
#####

# Authentication, Authorization and Access Control

Definitions related to the apache authentication should always be in the form :

apache::auth::type::provider::authorization

To be consistent with the three types of Apache modules involved in the 
authentication and authorization process :
http://httpd.apache.org/docs/2.2/howto/auth.html

The main advantages of this new way to manage authentication are the possibility 
of sharing resources between virtual hosts and access restrictions

######################################
## Simple Basic File Authentication ##
######################################

Example:

1. create one or more users :

   apache::auth::htpasswd {"user1 in /a/path/htpasswd":
    ensure => present,
    user_file_location => "/srv/a/path",
    user_file_name => "htpasswd",
    username => "user1",
    clearPassword => "user1", # use encryption in definition
  }

  apache::auth::htpasswd {"user2 in /var/www/camptocamp.com/private/htpasswd":
    ensure => present,
    vhost => "camptocamp.com"
    username => "user2",
    crypt_password => 'kdrY191UyPY3E', # (htpasswd -ndb user2 user2)
  }
 
2. create one or more groups :

  apache::auth::htgroup {"group1 in /var/www/camptocamp.com/private/htgroup":
    ensure => present,
    groupname => "group1",
    members => "user1 user2",
  }

3. restrict access to a location with these users our groups

  apache::auth::basic::file::group {"group1-webdav1":
    vhost => "camptocamp.com",
    location => "/webdav1",
    groups => "group1",
  }

  apache::auth::basic::file::user {"user1-on-webdav2":
    vhost => "camptocamp.com",
    location => "/webdav2",
    auth_user_file => "/srv/dav0/htpasswd",
    users => "user1", # it not defined -> 'valid-user'
  }

###############################
## Basic LDAP Authentication ##
###############################

Example:

apache::auth::basic::ldap {"collectd":
  vhost => $fqdn,
  location => "/collection3",
  auth_ldap_url => 'ldap://ldap.foobar.ch/c=ch?uid??',
  auth_ldap_group_attribute => "memberUid",
  auth_ldap_group_attribute_is_dn => "off",
  authz_require => "ldap-group ou=foo,ou=bar,o=entreprises,c=ch",
}