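# NOTE: THIS CONFIGURATION IS FOR APACHE 2 ONLY.
#
# Modify this to your liking and include it in httpd.conf.
# -----------------------------------------------------------------------------

PerlModule ModPerl::Util
PerlModule Apache2::Request
PerlModule Apache2::RequestRec
PerlModule Apache2::RequestIO
PerlModule Apache2::RequestUtil
PerlModule Apache2::ServerUtil
PerlModule Apache2::Connection
PerlModule Apache2::Log
PerlModule Apache::Session
PerlModule APR::Table
PerlModule ModPerl::Registry
PerlModule "Apache2::Const => ':common'"
PerlModule "APR::Const => ':common'"

PerlModule Apache2::SiteControl
PerlModule HTML::Mason::ApacheHandler

# Loads libapreq2. Without it you may get errors from libapreq2
# about an 'undefined symbol'.
# NOTE(review): this line ships active; comment it out if the module
# is already loaded elsewhere in your httpd.conf.
LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so

# Add Netdot's libraries to @INC
PerlSwitches -I<<Make:PREFIX>>/lib

<Perl>
# Set up the Mason handler and global variables and import modules.
use Netdot::Mason;

# Override SiteControl's login method
use Netdot::SiteControlLoginWrapper;
</Perl>


# If you would like to put netdot somewhere other than ``/netdot''
# just change this alias, the location of the login target
# (i.e. /netdot/NetdotLogin), and the variable NetdotPath below.
Alias /netdot "<<Make:PREFIX>>/htdocs/"

# Force UTF-8
PerlSetVar MasonPreamble "use utf8;"
AddDefaultCharset utf-8

# Set the path that will be protected.
#
# *NOTE* This variable is used to determine absolute paths where
# needed in the netdot pages.  The "Netdot" prefix corresponds to the
# AuthName Netdot below.  If you want to change the AuthName you will
# still need this variable as the Mason code assumes you didn't change
# the AuthName.
PerlSetVar NetdotPath "/netdot/"

# Indicate the path to the login page.  Be careful, HTML::Mason can
# interfere with proper handling...make sure you know your dependencies.
# See samples and Apache::AuthCookie for more information.
PerlSetVar NetdotLoginScript /netdot/login.html

# See Apache::AuthCookie for descriptions of these.
#
# A general note about these Netdot variables: Some are accessed when
# a user requests a page and others are accessed when a user attempts
# to login.  In our setup the login target (NetdotLogin) is in the
# same apache scope as the netdot pages (/netdot) and these variables
# are specified at the global scope so there isn't an issue, but if
# you decide to move them inside a Directory, Files, or Location block
# and move the login target be sure that you put the right variables
# in the right places (hint: you will probably have to read the
# AuthCookie code as it is not clear from the docs, if you don't want
# any duplicates).  The same probably goes for the SiteControl and
# other non prefixed variables, but since they don't have prefixes it
# would be inconsiderate to put them at the top level (pollute the
# global name space), and so if you move the login target be sure to
# duplicate any relevant variables (again, it might not be obvious
# which).
PerlSetVar NetdotSatisfy All
# If this is set you won't be able to use unqualified hostnames and
# rely on DNS to supply the domain.  DNS will supply the domain no
# doubt, but the browser doesn't see it so the cookie will be invalid.
# Also, a hostname isn't valid here.
#PerlSetVar NetdotDomain .uoregon.edu
PerlSetVar NetdotCache 1

# We change the value of NetdotExpires dynamically to implement both
# temporary and permanent sessions.  NetdotTemporarySessionExpires
# specifies the length of the temporary sessions, i.e. it corresponds to
# NetdotExpires in a typical AuthCookie setup.
PerlSetVar NetdotTemporarySessionExpires +2h

<Directory <<Make:PREFIX>>/htdocs/>
    # No host-based restriction: every client may connect, so access to
    # the pages rests entirely on the authentication and authorization
    # handlers configured further down in this block.
    # NOTE(review): Order/Allow are the Apache 2.2 access directives;
    # on Apache 2.4 they need mod_access_compat.
    Order Deny,Allow
    Allow from all

    # Other applications may have attempted to override how .html files are
    # interpreted.  We need to reset this so that HTML::Mason can work
    # correctly.
    AddType text/html .html

    # This is hackish but it works.  It is preferred over handling all
    # files in /netdot as this causes requests for /netdot or /netdot/
    # to fail (DirectoryIndex doesn't get handled correctly).  The
    # "proper" way to handle this is with rewrite rules or
    # fixuphandlers I think, but this works: Handle everything which
    # isn't /netdot or /netdot/, i.e. which has at least one non / char
    # in its name relative /netdot/, with mason.
    <FilesMatch .>
        SetHandler perl-script
        PerlHandler Netdot::Mason
    </FilesMatch>

    # Prevent mason from handling css and javascript
    <FilesMatch (\.css|\.js)$>
        SetHandler default-handler
    </FilesMatch>

    AuthType Apache2::SiteControl
    AuthName Netdot
    # Choose a name for the instance of the authenticator.  This name is
    # used as part of the remaining variable names.
    PerlSetVar AuthName Netdot
    require valid-user

    # Allow access to the css and title image so the login page
    # displays correctly.  The anonymous sub 'sub { return OK }' is
    # somehow equiv to the specification of the constant explicitly.
    # The point is that you can't simply turn off authentication for
    # particular files, you must provide a new handler which allows all
    # requests instead.
    #
    # Every file whose name ends in ".css" or "title.png" is served
    # without a login, so keep nothing sensitive under such names.
    # The alternative spelling is kept in the comment above rather than
    # after the directives: Apache does not allow a comment on the same
    # line as a directive, and the login Location below uses the bare
    # constant as well.
    <FilesMatch (\.css|title\.png)$>
        PerlAuthenHandler Apache2::Const::OK
        PerlAuthzHandler Apache2::Const::OK
    </FilesMatch>

    # LDAP parameters are set in the login target Location directive
    # below.
    PerlSetVar SiteControlMethod Netdot::LDAP

    # Turn on debugging
    # NOTE(review): all three debug switches ship enabled.  Debug output
    # from authentication code can put usernames and session details in
    # the server error log; set these to 0 once the installation works
    # and restrict who can read that log.
    PerlSetVar AccessControllerDebug 1
    PerlSetVar AuthCookieDebug 1
    PerlSetVar SiteControlDebug 1

    # Configure the factories.  See SiteControl::UserFactory and
    # SiteControl::ManagerFactory
    PerlSetVar SiteControlManagerFactory Netdot::NetdotPermissionFactory

    # Configure the location of the session data on server disks
    # NOTE: apache should have read/write access to these locations.
    # A session file stands in for a logged-in user, so these
    # directories should be owned by the Apache user and closed to
    # every other local account.
    PerlSetVar SiteControlSessions <<Make:PREFIX>>/tmp/sessions
    PerlSetVar SiteControlLocks <<Make:PREFIX>>/tmp/sessions/locks

    # Tell mod_perl that you want this module to control access:
    PerlAuthenHandler Apache2::SiteControl->authenticate
    PerlAuthzHandler Apache2::SiteControl->authorize

    # See Apache2::SiteControl::UserFactory.  There are more variables,
    # but this seems to be the only one which makes SiteControl insult
    # you in the logs :P
    # NOTE(review): the value below is identical in every copy of this
    # template, so treat it as public.  It is presumably used as a key
    # for protecting stored passwords (confirm in the UserFactory
    # documentation); replace it with a unique, private value for each
    # installation.
    PerlSetVar UserObjectPasswordKey "Netdot gets the last laugh"
</Directory>

<Location /netdot/NetdotLogin>
    SetHandler perl-script
    PerlHandler Netdot::SiteControlLoginWrapper->login

    # Stop AuthCookie from preventing access to NetdotLogin
    # (which would create an authen loop).
    # This endpoint receives the submitted credentials and is reachable
    # without authentication by design, so include this file only in a
    # virtual host that is served over HTTPS.
    PerlAuthenHandler Apache2::Const::OK
    PerlAuthzHandler Apache2::Const::OK

    PerlSetVar NetdotLDAPServer "ldaps://localhost.localdomain:636"
    PerlSetVar NetdotLDAPServer2 "ldaps://otherhost.localdomain:636"
    # NOTE(review): presumably governs StartTLS on plain ldap://
    # connections; the ldaps:// URLs above already wrap the connection
    # in TLS.  Revisit this if you switch either server to ldap://.
    # TODO confirm against Netdot::LDAP.
    PerlSetVar NetdotLDAPRequireTLS "no"
    PerlSetVar NetdotLDAPUserDN "uid=<username>"
    PerlSetVar NetdotLDAPSearchBase "ou=people,dc=domain,dc=local"
    # NOTE(review): presumably lets a login fall back to Netdot's local
    # accounts when LDAP authentication fails (confirm against
    # Netdot::LDAP).  If so, local passwords remain a live login path
    # and need the same care as the directory ones.
    PerlSetVar NetdotLDAPFailToLocal "yes"
</Location>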