This is an automated email from the ASF dual-hosted git repository. sebb pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push: new 0bd608c4 Synch with updated LDAP auth using aliases 0bd608c4 is described below commit 0bd608c47f3a08c2c6633e6fa239192c03c79fef Author: Sebb <s...@apache.org> AuthorDate: Sun Apr 21 22:29:39 2024 +0100 Synch with updated LDAP auth using aliases --- docker-config/whimsy.conf | 105 ++++++++++++++++------------------------------ 1 file changed, 35 insertions(+), 70 deletions(-)
diff --git a/docker-config/whimsy.conf b/docker-config/whimsy.conf
index 2f3cf6ed..bc8637df 100644
--- a/docker-config/whimsy.conf
+++ b/docker-config/whimsy.conf
@@ -73,10 +73,7 @@ ExpiresActive On
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
 </Directory>
 <Directory /srv/whimsy/www/members/log>
@@ -223,10 +220,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </LocationMatch>
 <Directory /srv/whimsy/www/committers>
@@ -236,10 +230,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/project/icla>
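Review bot: Nothing in this diff shows where the `ldap-alias-*` providers are defined, yet the group-lookup settings removed in the first hunk (`AuthLDAPGroupAttribute memberUid`, `AuthLDAPGroupAttributeIsDN off`) differ from the ones removed in the committers hunks (`member` / `on`). Each alias definition, presumably an `<AuthzProviderAlias ldap-group …>` block elsewhere in whimsy.conf, has to carry the settings that match its group. If one is missing, the lookup falls back to the mod_authnz_ldap defaults and `Require ldap-alias-member` would most likely stop matching `memberUid` entries, which shows up as unexplained denials. A comment at the first use, such as `# ldap-alias-* providers: see the AuthzProviderAlias definitions in <section of this file>`, would let a reader check the mapping; this applies to every hunk in the commit. The enclosing `<Directory>` and `<LocationMatch>` blocks start outside the hunks.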
@@ -249,10 +240,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/roster>
@@ -262,10 +250,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <LocationMatch ^/incubator/moderators>
@@ -275,10 +260,10 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ <RequireAny>
+ Require ldap-alias-member
+ Require ldap-alias-incubator-pmc
+ </RequireAny>
 </LocationMatch>
 <LocationMatch ^/incubator/signoff>
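Review bot: The `^/incubator/moderators` hunk is not a like-for-like alias substitution: the old rule admitted any committer, while the new `<RequireAny>` admits only `ldap-alias-member` or `ldap-alias-incubator-pmc`. The `^/incubator/signoff` hunk that follows makes the same change. The commit message describes a sync, so this presumably matches the intended policy, but an access-policy change inside an otherwise mechanical refactor is easy to miss in review and in later audits. I would record it in the config with a comment above the container, e.g. `# ASF members or Incubator PMC only (previously: all committers)`. The `<LocationMatch>` block starts outside the hunk.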
@@ -288,10 +273,10 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ <RequireAny>
+ Require ldap-alias-member
+ Require ldap-alias-incubator-pmc
+ </RequireAny>
 </LocationMatch>
 <Directory /srv/whimsy/www/fundraising>
@@ -301,10 +286,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/officers>
@@ -314,10 +296,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/treasurer>
@@ -327,10 +306,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/board/agenda>
@@ -340,9 +316,6 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
 Require expr %{REQUEST_URI} == '/board/agenda/app.js'
 Require expr %{REQUEST_URI} == '/board/agenda/app.js.map'
 Require expr %{REQUEST_URI} =~ m#^/board/agenda/.*\.js\.rb$#
@@ -350,7 +323,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 Require expr %{REQUEST_URI} == '/board/agenda/manifest.json'
 Require expr %{REQUEST_URI} == '/board/agenda/stylesheets/app.css'
 Require expr %{REQUEST_URI} == '/board/agenda/sw.js'
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
 </Directory>
 <Directory /srv/whimsy/www/apmail>
@@ -360,10 +333,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
 </Directory>
 <Directory /srv/whimsy/www/members>
@@ -373,10 +343,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
 </Directory>
 <Directory /srv/whimsy/www/voter>
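Review bot: In the two `/srv/whimsy/www/board/agenda` hunks the `Require expr` lines and the new `Require ldap-alias-committer` sit side by side with no container, so they combine under the implicit RequireAny default and the listed assets are served without a login. That looks deliberate for the app shell, manifest and service worker, but the other multi-rule blocks in this commit spell out `<RequireAny>`, and here the outcome depends on the reader knowing the default. Either wrap the rules in an explicit `<RequireAny>` … `</RequireAny>` or add `# Implicit RequireAny: the assets above are public, everything else needs a committer login`. The `<Directory>` block starts outside the first hunk, and one line between the two hunks is not shown.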
@@ -386,10 +353,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
 </Directory>
 <Directory /srv/whimsy/www/infra>
@@ -399,10 +363,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-infrastructure
 </Directory>
 <Directory /srv/whimsy/www/secretary>
@@ -412,12 +373,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
 <RequireAny>
- Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
- Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-secretary
+ Require ldap-alias-apldap
 </RequireAny>
 </Directory>
@@ -428,12 +386,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
 AuthLDAPBindDN <%= ldapbinddn %>
 AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
 <RequireAny>
- Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
- Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-secretary
+ Require ldap-alias-apldap
 </RequireAny>
 </LocationMatch>
@@ -500,6 +455,16 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
 Require ldap-alias-secretary
 </Directory>
+<Directory /srv/whimsy/www/test/apldap>
+ AuthType Basic
+ AuthName "Apldap"
+ AuthBasicProvider ldap
+ AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPBindDN <%= ldapbinddn %>
+ AuthLDAPBindPassword "<%= ldapbindpw %>"
+ Require ldap-alias-apldap
+</Directory>
+
 # Needs libapache2-mod-svn to be installed
 # These are separate repos, as per the real ones
 <Location /repos/asf>
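Review bot: The new `<Directory /srv/whimsy/www/test/apldap>` block in the last hunk has no comment saying what it is for, unlike the svn section that follows it. Judging by the path and the `Require ldap-alias-secretary` context line above, it looks like one of a set of test areas that each exercise a single alias. A line above the block such as `# Test area: access limited to the apldap group via ldap-alias-apldap` would make that explicit. The block uses `AuthType Basic`, which sends the password on every request, so it relies on the virtual host enforcing TLS; that is not visible in this hunk and is worth confirming.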