From: Piotr Wadas Date: Tue, 18 Jul 2006 21:37:28 +0000 (+0000) Subject: warning - watch attribute OIDS, they're not registered X-Git-Url: http://andersk.mit.edu/gitweb/mod-vhost-ldap.git/commitdiff_plain/686ce5d8c7c9fe9c3fe46d4770a0bf056387e783 warning - watch attribute OIDS, they're not registered with IANA nor something, turn schemacheck in your openldap.conf git-svn-id: svn://svn.debian.org/svn/modvhostldap/branches/ext-config/mod-vhost-ldap@46 4dd36cbf-e3fd-0310-983d-db0e06859cf4 --- diff --git a/debian/README.Debian b/debian/README.Debian index a077818..5f485fa 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -1,16 +1,13 @@ libapache2-mod-vhost-ldap and LDAP server support ================================================= -Your LDAP server needs to include mod_vhost_ldap.schema. If You want -additional access control, then include apache_ext.schema also. -If you do not use OpenLDAP you are on your own to build a schema. -I used these lines: +Your LDAP server needs to include module schema files, +functionality. If you do not use OpenLDAP you are on your own to build a schema. +for each kind of functionality (core vhost, auth-perdir, auth-perlocation, +auth-perdirectory). Temporarily remove cgi-suexec support, it +will be added again in the way which cooperates with new aliasing -index apacheServerName,apacheServerAlias,apacheDocumentRoot,apacheServerAdmin pres,eq -index apacheExtConfigUri,apacheExtConfigServerName pres,eq,sub -index apacheLocationOptionsDn,apacheExtConfigRequireValidUser,apacheExtConfigUserDn,apacheExtConfigUserServerName,apacheExtConfigObjectName pres,eq - - -- Piotr Wadas Fri 31 Mar 2006 20:00:08 +0100 + -- Piotr Wadas Tue 18 Jul 2006 11:33:24 +0100 You should configure the LDAP server to maintain indices on apacheServerName, apacheServerAlias and anything you use in your additional search filter. diff --git a/debian/apache_ext.schema b/debian/apache_ext.schema index 99e6546..eda5ee0 100644 --- a/debian/apache_ext.schema 
+++ b/debian/apache_ext.schema @@ -1,19 +1,6 @@ # # # -attributetype ( 1.1.2.5.4.133 NAME 'apacheLocationOptionsDn' - DESC 'apache Extended Config Object Location' - SUP distinguishedName - ) - -attributetype ( 1.1.2.5.4.134 NAME 'apacheExtConfigUri' - DESC 'apache Extended Config Uri' - SUP name - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} - SINGLE-VALUE - ) attributetype ( 1.1.2.5.4.135 NAME 'apacheExtConfigRequireValidUser' DESC 'apache Extended Config Require Type' @@ -32,6 +19,11 @@ attributetype ( 1.1.2.5.4.137 NAME 'apacheExtConfigUserDn' SUP distinguishedName ) +attributetype ( 1.1.2.5.4.138 NAME 'apacheExtConfigUserName' + DESC 'apache Extended Config UserName' + SUP cn + ) + attributetype ( 1.1.2.5.4.139 NAME 'apacheExtConfigUserServerName' DESC 'apache Extended Config User ServerName' SUP cn 
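Review bot: `apacheExtConfigUserName` (`1.1.2.5.4.138`) is re-declared here without the `SINGLE-VALUE` it had at its old position further down the file, so one user entry can now carry several login names. The attribute is a `MUST` of `apacheExtendedConfigUserObject` and is presumably what the auth lookup matches on, so if multiple values are not intended, restore `SINGLE-VALUE` after `SUP cn`. If they are intended, the DESC should say so, for example `DESC 'apache Extended Config UserName (multi-valued: any value is accepted as login)'`.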
@@ -50,31 +42,59 @@ attributetype ( 1.1.2.5.4.141 NAME 'apacheExtConfigHasRequireLine' SINGLE-VALUE ) -attributetype ( 1.1.2.5.4.138 NAME 'apacheExtConfigUserName' - DESC 'apache Extended Config UserName' - SUP cn - SINGLE-VALUE +attributetype ( 1.1.2.5.4.142 NAME 'apacheLocationOptionsDn' + DESC 'apache Extended Config Object Location' + SUP distinguishedName + ) + +attributetype ( 1.1.2.5.4.143 NAME 'apacheExtConfigUri' + DESC 'apache Extended Config Uri' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.181 NAME 'apacheExtConfigPath' + DESC 'apache Extended Config Directory Value' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.182 NAME 'apacheExtConfigUserDirectoryName' + DESC 'apache Extended Config User Directory Name' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} + ) + +attributetype ( 1.1.2.5.4.183 NAME 'apacheExtConfigUserLocationUri' + DESC 'apache Extended Config User Directory Name' + SUP name + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) objectclass ( 1.1.2.5.6.103 NAME 'apacheExtendedConfigLocation' - DESC 'This object class represents managed Group' + DESC 'This object class membership determines whether vhost as access control' MUST ( apacheLocationOptionsDn $ apacheExtConfigHasRequireLine ) AUXILIARY ) objectclass ( 1.1.2.5.6.104 NAME 'apacheExtendedConfigObject' - DESC 'This object class represents managed Group' - MUST ( apacheExtConfigUri $ - apacheExtConfigRequireValidUser $ - apacheExtConfigServerName $ - apacheExtConfigObjectName - ) - MAY ( apacheExtConfigUserDn ) + DESC 'This object class represents access control entry options' + MUST ( apacheExtConfigRequireValidUser $ apacheExtConfigObjectName ) + MAY ( 
apacheExtConfigServerName $ apacheExtConfigUri $ apacheExtConfigPath $ apacheExtConfigUserDn ) AUXILIARY ) objectclass ( 1.1.2.5.6.105 NAME 'apacheExtendedConfigUserObject' - DESC 'This object class represents managed Group' - MUST ( apacheExtConfigUserName $ apacheExtConfigUserServerName $ userPassword ) + DESC 'This object class represents httpauth user properties' + MUST ( apacheExtConfigUserName $ userPassword ) + MAY ( apacheExtConfigUserServerName $ apacheExtConfigUserDirectoryName $ apacheExtConfigUserLocationUri ) AUXILIARY ) \ No newline at end of file diff --git a/debian/changelog b/debian/changelog index 52b3cd3..cad1b64 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,21 @@ -mod-vhost-ldap (1.0.1-1) unstable; urgency=low +mod-vhost-ldap (2.0.3-1) unstable; urgency=low + + * New release, cleanup, fixes, new features and changes + + -- Piotr Wadas Tue, 18 Jul 2006 12:45:12 +0100 + +mod-vhost-ldap (2.0.0-2) unstable; urgency=low + + * Fixed only-one-user issue + + -- Piotr Wadas Sat, 1 Apr 2006 20:06:42 +0100 + +mod-vhost-ldap (2.0.0-1) unstable; urgency=low * New upstream release. - * Add support for apache-2.2.x (Courtesy of Bart Vanbrabant) + * Added support for ldap-based basic auth/authz - -- Ondřej Surý Fri, 21 Apr 2006 10:57:06 +0200 + -- Piotr Wadas Tue, 28 Mar 2006 22:12:05 +0100 mod-vhost-ldap (1.0.0-1) unstable; urgency=low diff --git a/debian/control b/debian/control index 4f48e77..a4569f1 100644 --- a/debian/control +++ b/debian/control 
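Review bot: `apacheLocationOptionsDn` and `apacheExtConfigUri` are re-added under new OIDs (`1.1.2.5.4.142`, `1.1.2.5.4.143`) after being removed as `.133` and `.134` at the top of the file, so a server already loaded with the previous schema will have the same attribute name under a different OID. Unless there is a reason not visible in this diff, keep the original numbers and allocate new ones only for the new attributes. The DESC of `apacheExtConfigUserLocationUri` repeats `'apache Extended Config User Directory Name'` and should describe the location URI, and `'whether vhost as access control'` presumably means `has`. `apacheExtendedConfigUserObject` requires `userPassword`, and the package description mentions clear-text passwords, so a comment in the schema header should remind admins to restrict read access on that attribute to the module's bind DN.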
@@ -1,17 +1,19 @@ Source: mod-vhost-ldap Section: web Priority: optional -Maintainer: Ondřej Surý -Standards-Version: 3.6.2 -Build-Depends: debhelper (>> 3.0.0), apache2-threaded-dev (>= 2.0.50-10), libldap-dev +Maintainer: Piotr Wadas +Standards-Version: 3.7.2 +Build-Depends: debhelper (>> 3.0.0), apache2-threaded-dev|apache2-prefork-dev (>= 2.0.50-10), libldap-dev Package: libapache2-mod-vhost-ldap Architecture: any Depends: ${shlibs:Depends}, apache2-common Description: Apache 2 module for Virtual Hosting from LDAP mod-vhost-ldap is Apache 2.x module for storing and configuring - Virtual Hosts from LDAP. It supports DocumentRoot, ScriptAlias, - ServerName, ServerAlias, ServerAdmin and SuexecUserGroup directives. + Virtual Hosts from LDAP. It supports servername aliasing, + virtual location aliasing, http auth perdir and perlocation, + user-defined ldap filter, clear, htpasswd and unix passwords + for auth, fallback vhost and more. . It's build on top of mod_ldap, so it uses it's caching capabilities and can be used with threaded apache. diff --git a/debian/copyright b/debian/copyright index 7be1537..aa50c7e 100644 --- a/debian/copyright +++ b/debian/copyright @@ -5,6 +5,7 @@ It was downloaded from http://alioth.debian.org/projects/modvhostldap/ Copyright: +Copyright (c) 2006, Piotr Wadas Copyright (c) 2005, Ondrej Sury All rights reserved. diff --git a/debian/docs b/debian/docs index 6494fec..66d671d 100644 --- a/debian/docs +++ b/debian/docs @@ -1,3 +1,5 @@ -mod_vhost_ldap.schema TODO README +debian/apache_alias.schema +debian/apache_ext.schema +debian/mod_vhost_ldap.schema diff --git a/debian/rules b/debian/rules index 1e02e32..39c5efb 100755 --- a/debian/rules +++ b/debian/rules @@ -1,7 +1,7 @@ #!/usr/bin/make -f # Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 +export DH_VERBOSE=1 # This is the debhelper compatibility version to use. export DH_COMPAT=4 
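Review bot: In `Build-Depends`, the version restriction `(>= 2.0.50-10)` now applies only to `apache2-prefork-dev`, and `apache2-threaded-dev` on the left of the `|` has lost its constraint. Repeat it on both alternatives: `apache2-threaded-dev (>= 2.0.50-10) | apache2-prefork-dev (>= 2.0.50-10)`. The new Description drops `SuexecUserGroup` and advertises clear-text passwords for auth, so a short line stating that hashed storage is the recommended mode would be useful to administrators reading the package description.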
@@ -11,7 +11,7 @@ export DH_COMPAT=4 DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) -CFLAGS = -Wall -g +CFLAGS = -Wall -Werror -lcrypt -g ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) CFLAGS += -O0 @@ -79,5 +79,9 @@ install: build mkdir -p $(DEST)/etc/apache2/mods-available install -m 644 debian/vhost_ldap.load $(DEST)/etc/apache2/mods-available install -m 644 debian/vhost_ldap.conf $(DEST)/etc/apache2/mods-available + mkdir -p $(DEST)/etc/ldap/schema/mods-available + install -m 644 debian/mod_vhost_ldap.schema $(DEST)/etc/ldap/schema/mod_vhost_ldap.schema + install -m 644 debian/apache_ext.schema $(DEST)/etc/ldap/schema/apache_ext.schema + install -m 644 debian/apache_alias.schema $(DEST)/etc/ldap/schema/apache_alias.schema .PHONY: binary binary-arch binary-indep clean build install diff --git a/debian/vhost_ldap.conf b/debian/vhost_ldap.conf index f5103ea..495364d 100644 --- a/debian/vhost_ldap.conf +++ b/debian/vhost_ldap.conf 
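Review bot: `-lcrypt` is a linker option and does not belong in `CFLAGS`. Whether it reaches the link step depends on how the build command (outside this hunk) passes flags, so the module may end up with `crypt` unresolved at load time. Keep `CFLAGS = -Wall -g` and pass the library separately at link time, for example through a `LIBS = -lcrypt` variable handed to the build command. `-Werror` makes the package build fail on any new compiler warning, which suits development but is usually left out of `debian/rules`.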
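Review bot: `mkdir -p $(DEST)/etc/ldap/schema/mods-available` creates a directory that nothing is installed into, because the three `install -m 644` lines write to `$(DEST)/etc/ldap/schema/` directly. Either drop `/mods-available` from the `mkdir` or install the schema files into it. `debian/apache_alias.schema` is installed here and listed in `debian/docs`, but this diff does not add it, so confirm it is already in the tree or the `install` target will fail. The `install:` target begins above the hunk.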
@@ -1,9 +1,55 @@ ### mod_vhost_ldap depends on mod_ldap ### ### you have to enable mod_ldap as well ### +### and probably set various cache options for it ### + +###scope values: base, one, sub +###deref values: never, finding, searching, always +###remember, user specified filter is checked as RFC-defined ldap filter before substitution +###user filter specified here results with following internal filters and variables: +### _A_ is the server name from the request (vhost server name to find) +### _B_ is the uri for which access control is to be determined +### _C_ is the name of the require valid-user directive (auth prompt message) +### _D_ is the the user-defined filter +### _E_ is the protected physical directory (doesn't need to be existing file or dir) +### _F_ is the alias location uri +### _G_ is the protected uri for which access control is to be determined (see _E_) +### _H_ is the alias uri which is to be aliased to specified directory +### Each use of search filter is logged with debug level + +##################################################################### +### Vhost search +### (&(_D_)(|(apacheServerName=_A_)(apacheServerAlias=_A_))) +##################################################################### +### Protected Location Search +### (&(_D_)(apacheExtConfigServerName=_A_)(apacheExtConfigUri=_B_)) +##################################################################### +### Protected Directory Search +### (&(_D_)(apacheExtConfigPath=_E_)) +##################################################################### +### Alias Object Search +### (&(_D_)(apacheAliasConfigServerName=_A_)(apacheAliasConfigSourceUri=_H_)) +##################################################################### +### Web user Location Search +### (&(_D_)(objectClass=apacheExtendedConfigUserObject)(apacheExtConfigUserServerName=_A_)(apacheExtConfigUserLocationUri=_G_)) +##################################################################### +### Web user Directory Search +### 
(&(_D_)(objectClass=apacheExtendedConfigUserObject)(apacheExtConfigUserDirectoryName=_E_)) +################################## + +### ldap[si]://host[:port]/basedn[?attrib[?scope[?filter]]] + + VhostLdapEnabled On + VhostLdapUrl ldap[si]://host[:port]/basedn[?attrib[?scope[?filter]]] + #VhostLdapUrl ldap://hostname:389/dc=foo,dc=bar?*?sub?objectClass=activeObject + VhostLdapBindDn "cn=read only apache admin,dc=foo,dc=bar" + VhostLdapBindPw "secretpassword" + VhostLdapWlcBaseDn "ou=webAccess,dc=foo,dc=bar" + VhostLdapWucBaseDn "ou=webAccounts,dc=foo,dc=bar" + VhostLdapAliasesBaseDn "ou=webAliases,dc=foo,dc=bar" + VhostLdapDeref "never" + VhostLdapFallback default + VhostAliasesEnabled On + VhostLocAuthEnabled On + VhostDirAuthEnabled On + - - VhostLDAPEnabled on - VhostLDAPUrl "ldap://127.0.0.1/ou=vhosts,ou=web,dc=localhost" - VhostLdapBindDN "cn=admin,dc=localhost" - VhostLDAPBindPassword "changeme" - diff --git a/debian/vhost_ldap.load b/debian/vhost_ldap.load index aa6dfaf..7ba29c1 100644 --- a/debian/vhost_ldap.load +++ b/debian/vhost_ldap.load @@ -1,2 +1 @@ LoadModule vhost_ldap_module /usr/lib/apache2/modules/mod_vhost_ldap.so -
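Review bot: The sample keeps `VhostLdapBindPw "secretpassword"` in a file that `debian/rules` installs with `install -m 644`, so once the real bind password is filled in it is readable by every local user. Add a comment telling the admin to make the file not world-readable and to bind with a read-only account. The header says only the user filter `_D_` is checked before substitution, while `_A_`, `_B_`, `_G_` and `_H_` come from the request. The module code is not in this diff, so confirm those values are escaped per RFC 4515 before they enter the filter and state that here, e.g. `### _A_, _B_, _G_, _H_ are filter-escaped before substitution`. The commented example uses `ldap://hostname:389`, which exposes the bind password on the wire unless the link is otherwise protected, so an `ldaps://` example would be the safer one to show. `VhostLdapEnabled On` next to the placeholder `VhostLdapUrl ldap[si]://host[:port]/...` would be better shipped as `Off` until configured.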