Apache Stuff
Auth with Login + Network, RP'ed
Notes:
- This matches on X-Forwarded-For because the request arrives via a reverse proxy
- Use 'Satisfy all' if the network ACL AND authentication must both pass
# Ignore certificate issues
LDAPVerifyServerCert off

<Location /protected/>
    # Match the regex, which is currently these subnets:
    # 192.168.0.50 (PC for testing)
    # 123.45.67. (Network to allow)
    SetEnvIf X-Forwarded-For ^(10\.65\.136\.80|129\.78\.77\.) acl
    Order allow,deny
    Allow from env=acl
    Satisfy any
    # If we don't match the above, ask for Unikey
    Require valid-user
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Protected Realm"
    AuthLDAPURL "ldaps://ldapserver/OU=People,DC=newioit,DC=com,DC=au?cn?sub?(objectClass=*)" SSL
    AuthLDAPBindDN "cn=linuxbind,ou=services,DC=newioit,DC=com,DC=au"
    AuthLDAPBindPassword "supasecret"
    AuthzLDAPAuthoritative off
</Location>
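The SetEnvIf line above evaluates its regex against the raw header, and with 'Satisfy any' a match skips the LDAP login entirely, so the header's provenance matters. The following added example (not part of the original notes) runs the page's pattern and a tightened one over constructed header values; it assumes a single trusted reverse proxy that appends the connecting address to X-Forwarded-For.

```python
import re

# The SetEnvIf pattern from the config above, as Python's re reads it
# (same syntax for this simple case).
PAGE_ACL = re.compile(r"^(10\.65\.136\.80|129\.78\.77\.)")

# Tightened pattern (added here): the host is matched whole and the
# network needs a complete last octet, so prefixes such as
# 10.65.136.800 no longer satisfy it.
STRICT_ACL = re.compile(r"^(10\.65\.136\.80|129\.78\.77\.\d{1,3})$")


def last_hop(xff: str) -> str:
    """Rightmost X-Forwarded-For entry.

    A proxy that appends to the header places the address it actually saw
    connecting at the end; anything to the left arrived inside the request
    and is only as trustworthy as its sender.  Assumes exactly one trusted
    proxy in front of Apache (an assumption, not stated on the page).
    """
    return xff.split(",")[-1].strip()


def page_acl_matches(xff: str) -> bool:
    """What SetEnvIf does: match the regex against the raw header value."""
    return PAGE_ACL.search(xff) is not None


def strict_acl_matches(xff: str) -> bool:
    """Hardened check: evaluate only the hop the proxy appended."""
    return STRICT_ACL.match(last_hop(xff)) is not None


# Constructed sample header values (not captured traffic):
# value -> (page regex result, strict last-hop result)
SAMPLES = {
    "10.65.136.80": (True, True),                # the allowed test PC
    "129.78.77.23": (True, True),                # inside the allowed network
    "10.65.136.800": (True, False),              # prefix match only
    "10.65.136.80, 203.0.113.9": (True, False),  # allowed value arrived in
                                                 # the request; proxy saw
                                                 # 203.0.113.9
    "203.0.113.9": (False, False),               # falls through to LDAP login
}

if __name__ == "__main__":
    for xff, expected in SAMPLES.items():
        got = (page_acl_matches(xff), strict_acl_matches(xff))
        assert got == expected, (xff, got)
        print(f"{xff!r:30} SetEnvIf: {got[0]!s:5} strict: {got[1]}")
```

On Apache 2.4 the cleaner route is mod_remoteip (RemoteIPHeader X-Forwarded-For with RemoteIPTrustedProxy set to the proxy's address), after which the access rule can test the derived client address instead of the header text.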
Authenticate with an AD
Notes:
- Use the Global Catalog port 3268; plain LDAP on port 389 did not work reliably
- The trailing NONE on AuthLDAPURL means no encryption is used
<Location />
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "Some Realm"
    AuthLDAPURL "ldap://adserver:3268/DC=newioit,DC=com,DC=au?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "CN=LDAPUser,OU=Users,DC=newioit,DC=com,DC=au"
    AuthLDAPBindPassword "xxxxxxxx"
    Require valid-user
</Location>
Compile mod_proxy_html
Requires httpd-devel (for apxs), libxml2 and libxml2-devel
cd /usr/src
unzip mod_proxy_html.zip
cd mod_proxy_html
ln -s /usr/include/libxml2/libxml/ /usr/include/libxm
apxs -I. -i -c mod_proxy_html.c
Create Self Signed Cert on RHEL
yum install httpd mod_ssl openssl crypto-utils
genkey ee-app-pro-01.ucc.usyd.edu.au
# Keys get stored in
# /etc/pki/tls/private/ee-app-pro-01.ucc.usyd.edu.au.key
# /etc/pki/tls/certs/ee-app-pro-01.ucc.usyd.edu.au.cert