apache

LDAP authentication through Apache for svn, trac or anything else for that matter :P

Apache can be used as an access method for things like svn, trac, and even a whole file system through webdav. And apache also supports authentication through LDAP. Hence Apache can be used to authenticate the services that it provides through LDAP.

Here is how it is done :

For SVN :

<VirtualHost *:80>
ServerName                          repos.nitt.edu
DocumentRoot                        "/var/www/svn/DocumentRoot/"
ErrorLog logs/repos.nitt.edu-error_log
CustomLog logs/repos.nitt.edu-access_log combined

<Location /pragyan>
DAV svn
SVNPath /var/www/svn/pragyan
<LimitExcept OPTIONS REPORTGET>
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName “Pragyan SVN LDAP Authentication”
AuthLDAPURL ldap://localhost:389/ou=Pragyan,dc=www,dc=nitt,dc=edu?cn?sub?(objectClass=*)
AuthLDAPGroupAttribute contact
require valid-user
require ldap-group listName=coding,ou=Groups,ou=Pragyan,dc=www,dc=nitt,dc=edu
</LimitExcept>
</Location>
</VirtualHost>

For trac :
<Location "/trac/delta/login">
AuthType Basic
AuthName "Delta Trac LDAP Authentication"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://delta.nitt.edu:389/ou=Webteam,dc=delta,dc=nitt.edu?uid?sub?(objectClass=*)
AuthLDAPGroupAttribute memberUid
require valid-user
require ldap-group cn=webteam,ou=Groups,ou=Webteam,dc=delta,dc=nitt.edu
</Location>

Advertisements

public_html web server – without mod_userdir

Hell, what does the title mean??

It means this :

Allow people to put files in the public_html folder in their home directories and allow it to be seen through the web server of that server in this format : http://servername/~username/hisorherfiles

Most people use mod_userdir to allow ~username directories in their webservers. However, there is simple rewrite rule workaround that eliminates the need for mod_userdir.  I needed this because we had the home directories on the server, but the users had no login accounts on the server and they needed their public_html to work.

Here is how it goes :

#First, disable the default thing : 
<IfModule mod_userdir.c>
    UserDir disable
</IfModule>
#Then the rewrite rule
#To prevent access to files ~something.html and #something.html#
<Files ~ ".*(~|#)$">
    	   Order allow,deny
    	   Deny from all
</Files>
#To show public_html access
    RewriteEngine On
    RewriteCond %{REQUEST_URI}	^/~\w+/.*$
    RewriteRule /~(\w+)/(.*)	/webteam/$1/public_html/$2
    RewriteCond %{REQUEST_URI}	^/~\w+$
    RewriteRule /~(\w+)		/webteam/$1/public_html/
#To enable .htaccess rules in public_html
<Directory /webteam/*/public_html>
    AllowOverride All
</Directory>