Hey, I just thought I'd share this nugget. I'm using apache21 on
FreeBSD here, but anyone using Apache 2.1 or better should be able to
use it. If you compile with LDAP support, you can of course
authenticate using username and password.
I got to thinking though, some of my clients have multiple usernames
that are identical (with different uids). So how do we tell them apart
at login?
We don't. :) Tell Apache to use the mail= parameter for search instead
of uid=, then they can all log in using e-mail addresses. This is great
for ISPs with co-located servers. Here's a commented version of our
config (censored of course):
<VirtualHost *:80>
ServerName backup.mydomain.tld
DocumentRoot /usr/local/www/backuppc
ScriptAlias /cgi-bin/ /usr/local/BackupPC/cgi-bin/
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} ^/$
RewriteRule ^/(.*) http://%{HTTP_HOST}/cgi-bin/BackupPC_Admin [L,R]
RewriteOptions inherit
<Directory "/usr/local/www/backuppc">
Options +ExecCGI +Followsymlinks +Includes
AllowOverride All
allow from all
</Directory>
<Directory "/usr/local/BackupPC/cgi-bin">
# BackupPC requires that the web interface be passed a valid
# REMOTE_USER environment variable. The most typical way of doing this is
# to use http auth, and AuthType Digest, use htpasswd to create a file of
# usernames/passwords, and maintain that file. For information on how to
# set this up, please read:
# http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
# An example follows:
# AuthType Digest
# AuthName "Backup Server"
# AuthDigestProvider file
# AuthUserFile /usr/local/BackupPC/.digest_pw
# Require valid-user
# It is also possible to use LDAP authentication to get to the BackupPC
# web interface. Please note that when building from ports you will
# need to pass WITH_LDAP=yes WITH_LDAP_MODULES=yes
# to get support for this. For more information on using
# mod_authnz_ldap, visit:
# http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html.
AuthType Basic
AuthBasicProvider ldap
AuthName "Backup Server"
# To allow login by uid:
#AuthLDAPURL ldap://directory-server.domain.tld/cn=users,dc=domain,dc=tld?uid?sub?(objectClass=*)
# Or by e-mail address (useful for ISPs). Still uses the password from
# LDAP.
# Be sure to use full e-mail addresses in the hosts file!
AuthLDAPURL ldap://directory-server.domain.tld/cn=users,dc=domain,dc=tld?mail?sub?(objectClass=*)
# The next two lines are only required if your LDAP server requires you
# to bind before doing lookups. Apple Open Directory users should
# remember to use the following convention.
#AuthLDAPBindDN uid=diradmin,cn=users,dc=domain,dc=tld
#AuthLDAPBindPassword youpasswordhere
require ldap-filter &(uid=*)
allow from all
</Directory>
# The following IS NOT optional. BackupPC and the apache process MUST
# identify as the backuppc user. If using apache21 as this config file
# presumes, you will need to build apache21 from ports using
# WITH_SUEXEC=yes, and set SUEXEC_DOCROOT to an appropriate value. If
# you wish to be able to do suexec statements system-wide, you *could*
# set SUEXEC_DOCROOT=/, however read up on the security implications of
# this to see if that choice is right for you. To only use it for
# BackupPC, set SUEXEC_DOCROOT=/usr/local/BackupPC/cgi-bin.
SuexecUserGroup "#1001" "#1001"
</VirtualHost>
Using the above, I am able to let everyone log in with any e-mail
address they have, and their LDAP password. Side benefit - I have two
addresses, [EMAIL PROTECTED], and my short form,
[EMAIL PROTECTED] (which no one actually uses). I can log in using
either e-mail address. :D
I imagine this being really good for Windows domains where many
companies have the login convention of initials (mine is AMS for
example), which automatically creates [EMAIL PROTECTED], but then they turn
around and create a normal looking e-mail address. Either would work
this way.
Tony Shadwick
OSS Solutions
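
Added example, not part of the original post: a Python sketch of the search phase that the two AuthLDAPURL variants above trigger in mod_authnz_ldap, which combines the URL's filter with attribute=login and only proceeds to the password bind when exactly one entry matches. The in-memory DIRECTORY, its entries and the helper names are constructed for illustration, and the matcher is a simplified stand-in for a real LDAP server.

```python
# Added example: how a mod_authnz_ldap-style lookup turns AuthLDAPURL plus the
# typed login into one search, and why a duplicated uid cannot be resolved.

FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_auth_ldap_url(url):
    """Split ldap://host/basedn?attribute?scope?filter into its fields."""
    _scheme, _, rest = url.partition("://")
    host, _, tail = rest.partition("/")
    base, attr, scope, filt = (tail.split("?", 3) + [""] * 3)[:4]
    # Defaults documented for mod_authnz_ldap: uid, sub, (objectClass=*)
    return {"host": host, "base": base, "attr": attr or "uid",
            "scope": scope or "sub", "filter": filt or "(objectClass=*)"}

def build_search_filter(cfg, login):
    """Combine the URL filter with attr=<login>, escaping per RFC 4515."""
    escaped = "".join(FILTER_ESCAPES.get(ch, ch) for ch in login)
    base_filter = cfg["filter"]
    if not base_filter.startswith("("):
        base_filter = f"({base_filter})"
    return f"(&{base_filter}({cfg['attr']}={escaped}))"

def resolve_login(url, login, directory):
    """Return the single DN to bind as, or None if 0 or >1 entries match."""
    cfg = parse_auth_ldap_url(url)
    # Simplified matcher standing in for the LDAP server: equality on one
    # attribute, case-insensitive, multi-valued attributes allowed.
    hits = [e["dn"] for e in directory
            if login.lower() in (v.lower() for v in e.get(cfg["attr"], []))]
    return hits[0] if len(hits) == 1 else None

# Constructed sample directory (hypothetical entries, not from the post).
DIRECTORY = [
    {"dn": "uid=admin,ou=clienta,cn=users,dc=domain,dc=tld", "uid": ["admin"],
     "mail": ["admin@clienta.tld"]},
    {"dn": "uid=admin,ou=clientb,cn=users,dc=domain,dc=tld", "uid": ["admin"],
     "mail": ["admin@clientb.tld"]},
    {"dn": "uid=jd,cn=users,dc=domain,dc=tld", "uid": ["jd"],
     "mail": ["jd@domain.tld", "jane.doe@domain.tld"]},
]
BASE = "ldap://directory-server.domain.tld/cn=users,dc=domain,dc=tld"
UID_URL = BASE + "?uid?sub?(objectClass=*)"
MAIL_URL = BASE + "?mail?sub?(objectClass=*)"

if __name__ == "__main__":
    print(build_search_filter(parse_auth_ldap_url(MAIL_URL), "admin@clienta.tld"))
    print(resolve_login(UID_URL, "admin", DIRECTORY))   # two entries share this uid
    print(resolve_login(MAIL_URL, "admin@clientb.tld", DIRECTORY))
```

Because AuthType Basic resends the LDAP password with every request and ldap:// carries it unencrypted to the directory, a deployment of this configuration would normally sit behind TLS on both hops rather than on plain *:80.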
_______________________________________________
BackupPC-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/backuppc-users
http://backuppc.sourceforge.net/