Apache Stuff

Auth with Login + Network, RP'ed

Notes:

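  • This matches on X-Forwarded-For because requests arrive via a reverse proxy. The header is only trustworthy if the proxy sets it and the backend accepts connections only from the proxy
  • The config below uses 'Satisfy any' (network OR auth); use 'Satisfy all' for network AND auth acls

  # Ignore certificate issues (the LDAP server's certificate is not verified)
  LDAPVerifyServerCert off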

  <Location /protected/>
        # Match the regex, which is currently these addresses:
        #  10.65.136.80  (PC for testing)
        #  129.78.77.    (Network to allow)
        SetEnvIf X-Forwarded-For ^(10\.65\.136\.80|129\.78\.77\.) acl
        Order allow,deny
        Allow from env=acl
        Satisfy any

        # If we don't match the above, ask for Unikey
        Require valid-user
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Protected Realm"
        AuthLDAPURL "ldaps://ldapserver/OU=People,DC=newioit,DC=com,DC=au?cn?sub?(objectClass=*)" SSL
        AuthLDAPBindDN "cn=linuxbind,ou=services,DC=newioit,DC=com,DC=au"
        AuthLDAPBindPassword "supasecret"
        AuthzLDAPAuthoritative off
  </Location>
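
The same policy on Apache 2.4, as an added example that is not part of the original notes: mod_remoteip takes the client address from X-Forwarded-For only for connections that come from the proxy, and the LDAP server certificate is verified. The proxy address 192.0.2.10 and the CA file path are placeholders (assumptions).

```apache
# Added example for Apache 2.4 (mod_remoteip, mod_authz_core, mod_authnz_ldap).
# 192.0.2.10 is a placeholder for the reverse proxy's own address (assumption).

# Take the client address from X-Forwarded-For only when the connection
# comes from the trusted proxy; the header is ignored for any other sender.
# RemoteIPInternalProxy (not RemoteIPTrustedProxy) is needed because one of
# the allowed clients is a private 10.x address.
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 192.0.2.10

# Verify the LDAP server certificate instead of ignoring errors.
# The CA file path is a placeholder (assumption).
LDAPVerifyServerCert on
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ldap-ca.pem

<Location /protected/>
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Protected Realm"
    AuthLDAPURL "ldaps://ldapserver/OU=People,DC=newioit,DC=com,DC=au?cn?sub?(objectClass=*)" SSL
    AuthLDAPBindDN "cn=linuxbind,ou=services,DC=newioit,DC=com,DC=au"
    AuthLDAPBindPassword "supasecret"

    # Equivalent of 'Satisfy any': a listed address OR a valid login.
    # Use <RequireAll> instead for the 'Satisfy all' behaviour.
    <RequireAny>
        Require ip 10.65.136.80 129.78.77.0/24
        Require valid-user
    </RequireAny>
</Location>
```

With this in place the address check runs against the connection's resolved client IP rather than a regex over the raw header text.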

Authenticate with an AD

Notes:

  • Make sure to use the GC port 3268. LDAP port 389 seems to bork for some reason
  • The NONE on the end of AuthLDAPURL means use no encryption, so credentials go to the AD server in clear text

<Location />
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "Some Realm"
  AuthLDAPURL "ldap://adserver:3268/DC=newioit,DC=com,DC=au?sAMAccountName?sub?(objectClass=*)" NONE
  AuthLDAPBindDN "CN=LDAPUser,OU=Users,DC=newioit,DC=com,DC=au"
  AuthLDAPBindPassword "xxxxxxxx"
  require valid-user
</Location>

Compile mod_proxy_html

Requires httpd-devel (apxs), libxml2 and libxml2-devel

cd /usr/src
unzip mod_proxy_html.zip
cd mod_proxy_html
ln -s /usr/include/libxml2/libxml/ /usr/include/libxml
apxs -I. -i -c mod_proxy_html.c

Create Self Signed Cert on RHEL

yum install httpd mod_ssl openssl crypto-utils
genkey ee-app-pro-01.ucc.usyd.edu.au
# Keys get stored in
#/etc/pki/tls/private/ee-app-pro-01.ucc.usyd.edu.au.key
#/etc/pki/tls/certs/ee-app-pro-01.ucc.usyd.edu.au.cert