This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 0bd608c4 Synch with updated LDAP auth using aliases
0bd608c4 is described below
commit 0bd608c47f3a08c2c6633e6fa239192c03c79fef
Author: Sebb <s...@apache.org>
AuthorDate: Sun Apr 21 22:29:39 2024 +0100
Synch with updated LDAP auth using aliases
---
docker-config/whimsy.conf | 105 ++++++++++++++++------------------------------
1 file changed, 35 insertions(+), 70 deletions(-)
diff --git a/docker-config/whimsy.conf b/docker-config/whimsy.conf
index 2f3cf6ed..bc8637df 100644
--- a/docker-config/whimsy.conf
+++ b/docker-config/whimsy.conf
@@ -73,10 +73,7 @@ ExpiresActive On
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
</Directory>
<Directory /srv/whimsy/www/members/log>
@@ -223,10 +220,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</LocationMatch>
<Directory /srv/whimsy/www/committers>
@@ -236,10 +230,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/project/icla>
@@ -249,10 +240,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/roster>
@@ -262,10 +250,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<LocationMatch ^/incubator/moderators>
@@ -275,10 +260,10 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ <RequireAny>
+ Require ldap-alias-member
+ Require ldap-alias-incubator-pmc
+ </RequireAny>
</LocationMatch>
<LocationMatch ^/incubator/signoff>
@@ -288,10 +273,10 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ <RequireAny>
+ Require ldap-alias-member
+ Require ldap-alias-incubator-pmc
+ </RequireAny>
</LocationMatch>
<Directory /srv/whimsy/www/fundraising>
@@ -301,10 +286,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/officers>
@@ -314,10 +296,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/treasurer>
@@ -327,10 +306,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/board/agenda>
@@ -340,9 +316,6 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
Require expr %{REQUEST_URI} == '/board/agenda/app.js'
Require expr %{REQUEST_URI} == '/board/agenda/app.js.map'
Require expr %{REQUEST_URI} =~ m#^/board/agenda/.*\.js\.rb$#
@@ -350,7 +323,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
Require expr %{REQUEST_URI} == '/board/agenda/manifest.json'
Require expr %{REQUEST_URI} == '/board/agenda/stylesheets/app.css'
Require expr %{REQUEST_URI} == '/board/agenda/sw.js'
- Require ldap-group cn=committers,ou=role,ou=groups,dc=apache,dc=org
+ Require ldap-alias-committer
</Directory>
<Directory /srv/whimsy/www/apmail>
@@ -360,10 +333,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
</Directory>
<Directory /srv/whimsy/www/members>
@@ -373,10 +343,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
</Directory>
<Directory /srv/whimsy/www/voter>
@@ -386,10 +353,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=member,ou=groups,dc=apache,dc=org
+ Require ldap-alias-member
</Directory>
<Directory /srv/whimsy/www/infra>
@@ -399,10 +363,7 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
- Require ldap-group cn=infrastructure,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-infrastructure
</Directory>
<Directory /srv/whimsy/www/secretary>
@@ -412,12 +373,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
<RequireAny>
- Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
- Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-secretary
+ Require ldap-alias-apldap
</RequireAny>
</Directory>
@@ -428,12 +386,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
AuthLDAPBindDN <%= ldapbinddn %>
AuthLDAPBindPassword "<%= ldapbindpw %>"
- AuthLDAPGroupAttribute member
- AuthLDAPGroupAttributeIsDN on
- AuthLDAPMaxSubGroupDepth 0
<RequireAny>
- Require ldap-group cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org
- Require ldap-group cn=apldap,ou=groups,ou=services,dc=apache,dc=org
+ Require ldap-alias-secretary
+ Require ldap-alias-apldap
</RequireAny>
</LocationMatch>
@@ -500,6 +455,16 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
Require ldap-alias-secretary
</Directory>
+<Directory /srv/whimsy/www/test/apldap>
+ AuthType Basic
+ AuthName "Apldap"
+ AuthBasicProvider ldap
+ AuthLDAPUrl "ldaps://<%= ldaphosts %>/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPBindDN <%= ldapbinddn %>
+ AuthLDAPBindPassword "<%= ldapbindpw %>"
+ Require ldap-alias-apldap
+</Directory>
+
# Needs libapache2-mod-svn to be installed
# These are separate repos, as per the real ones
<Location /repos/asf>
