Posted to commits@vcl.apache.org by bu...@apache.org on 2012/07/27 22:43:34 UTC
svn commit: r827234 - in /websites/staging/vcl/trunk/content: ./
docs/ldap-ca-bundle-ex.html docs/ldap-showhostname.html docs/ldapauth.html
Author: buildbot
Date: Fri Jul 27 20:43:34 2012
New Revision: 827234
Log:
Staging update by buildbot for vcl
Added:
websites/staging/vcl/trunk/content/docs/ldap-ca-bundle-ex.html
websites/staging/vcl/trunk/content/docs/ldap-showhostname.html
websites/staging/vcl/trunk/content/docs/ldapauth.html
Modified:
websites/staging/vcl/trunk/content/ (props changed)
Propchange: websites/staging/vcl/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 27 20:43:34 2012
@@ -1 +1 @@
-1366473
+1366527
Added: websites/staging/vcl/trunk/content/docs/ldap-ca-bundle-ex.html
==============================================================================
--- websites/staging/vcl/trunk/content/docs/ldap-ca-bundle-ex.html (added)
+++ websites/staging/vcl/trunk/content/docs/ldap-ca-bundle-ex.html Fri Jul 27 20:43:34 2012
@@ -0,0 +1,95 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <link href="/css/vcl.css" rel="stylesheet" type="text/css">
+ <title>Apache VCL - Example ca-bundle.crt File</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body>
+ <div id="sitetitle">
+ <table width="100%" border="0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td><a href="/index.html">Apache VCL</a></td>
+ <td><img src="/img/vcllogo.png" width="63" height="52" align="right"></td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="navigation">
+ <ul>
+<li>Information<ul>
+<li><a href="/info/about.html">What is VCL?</a></li>
+<li><a href="/info/features.html">Features</a></li>
+<li><a href="/info/architecture.html">Architecture</a></li>
+<li><a href="/info/use-cases.html">Use Cases</a></li>
+<li><a href="/download.cgi">Download</a></li>
+<li><a href="/info/license.html">License</a></li>
+<li><a href="/info/faq.html">FAQ</a></li>
+</ul>
+</li>
+<li><a href="/docs/index.html">Documentation</a><ul>
+<li><a href="/docs/using-vcl.html">Using VCL</a></li>
+<li><a href="/docs/image-creation.html">Image Creation</a></li>
+<li><a href="/docs/administration.html">Administration</a></li>
+<li><a href="/docs/installation.html">Installation</a></li>
+<li><a href="/docs/deployment-planning.html">Deployment Planning</a></li>
+</ul>
+</li>
+<li><a href="/comm/index.html">Community</a><ul>
+<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li>
+<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li>
+<li><a href="/comm/index.html#how-do-i-join-the-project">How can I Join</a></li>
+<li><a href="/comm/wiki.html">Wiki</a></li>
+<li><a href="/dev/index.html">Development</a><ul>
+<li><a href="/dev/jira.html">Issue Tracking</a></li>
+<li><a href="/dev/code-documentation.html">Code Documentation</a></li>
+<li><a href="/dev/roadmap.html">Roadmap</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="http://www.apache.org">Apache Software Foundation</a><ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+</li>
+</ul>
+ </div>
+
+ <div id="content">
+ <h1 class="title">Example ca-bundle.crt File</h1>
+ <p>stub page</p>
+ </div>
+
+ <div id="footer">
+ <div class="copyright">
+ <p>
+ Copyright © 2012 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ <br />
+ Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div>
+
+</body>
+</html>
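Review bot: The content div of ldap-ca-bundle-ex.html contains only "<p>stub page</p>", yet ldapauth.html in this same commit links here as the "(example)" for adding a PEM root CA certificate to ca-bundle.crt. Either add the example before this is published or leave the link out until the page has content, because an admin following the LDAP instructions lands on an empty page at the step where the LDAP server's CA certificate is installed. Separately, the license comment in the head reads "http://www.apache.org/licenses/LICENSE- 2.0" with a space before "2.0"; the footer link on the same page has the correct URL, so the template comment should match it.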
Added: websites/staging/vcl/trunk/content/docs/ldap-showhostname.html
==============================================================================
--- websites/staging/vcl/trunk/content/docs/ldap-showhostname.html (added)
+++ websites/staging/vcl/trunk/content/docs/ldap-showhostname.html Fri Jul 27 20:43:34 2012
@@ -0,0 +1,95 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <link href="/css/vcl.css" rel="stylesheet" type="text/css">
+ <title>Apache VCL - Viewing the hostname in an SSL certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body>
+ <div id="sitetitle">
+ <table width="100%" border="0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td><a href="/index.html">Apache VCL</a></td>
+ <td><img src="/img/vcllogo.png" width="63" height="52" align="right"></td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="navigation">
+ <ul>
+<li>Information<ul>
+<li><a href="/info/about.html">What is VCL?</a></li>
+<li><a href="/info/features.html">Features</a></li>
+<li><a href="/info/architecture.html">Architecture</a></li>
+<li><a href="/info/use-cases.html">Use Cases</a></li>
+<li><a href="/download.cgi">Download</a></li>
+<li><a href="/info/license.html">License</a></li>
+<li><a href="/info/faq.html">FAQ</a></li>
+</ul>
+</li>
+<li><a href="/docs/index.html">Documentation</a><ul>
+<li><a href="/docs/using-vcl.html">Using VCL</a></li>
+<li><a href="/docs/image-creation.html">Image Creation</a></li>
+<li><a href="/docs/administration.html">Administration</a></li>
+<li><a href="/docs/installation.html">Installation</a></li>
+<li><a href="/docs/deployment-planning.html">Deployment Planning</a></li>
+</ul>
+</li>
+<li><a href="/comm/index.html">Community</a><ul>
+<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li>
+<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li>
+<li><a href="/comm/index.html#how-do-i-join-the-project">How can I Join</a></li>
+<li><a href="/comm/wiki.html">Wiki</a></li>
+<li><a href="/dev/index.html">Development</a><ul>
+<li><a href="/dev/jira.html">Issue Tracking</a></li>
+<li><a href="/dev/code-documentation.html">Code Documentation</a></li>
+<li><a href="/dev/roadmap.html">Roadmap</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="http://www.apache.org">Apache Software Foundation</a><ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+</li>
+</ul>
+ </div>
+
+ <div id="content">
+ <h1 class="title">Viewing the hostname in an SSL certificate</h1>
+ <p>stub page</p>
+ </div>
+
+ <div id="footer">
+ <div class="copyright">
+ <p>
+ Copyright © 2012 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ <br />
+ Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div>
+
+</body>
+</html>
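Review bot: ldap-showhostname.html also ships with "<p>stub page</p>" as its whole content div, while ldapauth.html points readers here from the sentence that says the hostname in the certificate must match the hostname entered in conf.php. Without the instructions for reading the hostname out of the certificate, the reader cannot carry out that check or the /etc/hosts workaround described next to the link. Suggest filling in the page in the same change or removing the link until it exists.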
Added: websites/staging/vcl/trunk/content/docs/ldapauth.html
==============================================================================
--- websites/staging/vcl/trunk/content/docs/ldapauth.html (added)
+++ websites/staging/vcl/trunk/content/docs/ldapauth.html Fri Jul 27 20:43:34 2012
@@ -0,0 +1,208 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <link href="/css/vcl.css" rel="stylesheet" type="text/css">
+ <title>Apache VCL - LDAP Authentication</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body>
+ <div id="sitetitle">
+ <table width="100%" border="0" cellspacing="0" cellpadding="5">
+ <tr>
+ <td><a href="/index.html">Apache VCL</a></td>
+ <td><img src="/img/vcllogo.png" width="63" height="52" align="right"></td>
+ </tr>
+ </table>
+ </div>
+
+ <div id="navigation">
+ <ul>
+<li>Information<ul>
+<li><a href="/info/about.html">What is VCL?</a></li>
+<li><a href="/info/features.html">Features</a></li>
+<li><a href="/info/architecture.html">Architecture</a></li>
+<li><a href="/info/use-cases.html">Use Cases</a></li>
+<li><a href="/download.cgi">Download</a></li>
+<li><a href="/info/license.html">License</a></li>
+<li><a href="/info/faq.html">FAQ</a></li>
+</ul>
+</li>
+<li><a href="/docs/index.html">Documentation</a><ul>
+<li><a href="/docs/using-vcl.html">Using VCL</a></li>
+<li><a href="/docs/image-creation.html">Image Creation</a></li>
+<li><a href="/docs/administration.html">Administration</a></li>
+<li><a href="/docs/installation.html">Installation</a></li>
+<li><a href="/docs/deployment-planning.html">Deployment Planning</a></li>
+</ul>
+</li>
+<li><a href="/comm/index.html">Community</a><ul>
+<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li>
+<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li>
+<li><a href="/comm/index.html#how-do-i-join-the-project">How can I Join</a></li>
+<li><a href="/comm/wiki.html">Wiki</a></li>
+<li><a href="/dev/index.html">Development</a><ul>
+<li><a href="/dev/jira.html">Issue Tracking</a></li>
+<li><a href="/dev/code-documentation.html">Code Documentation</a></li>
+<li><a href="/dev/roadmap.html">Roadmap</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="http://www.apache.org">Apache Software Foundation</a><ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+</ul>
+</li>
+</ul>
+ </div>
+
+ <div id="content">
+ <h1 class="title">LDAP Authentication</h1>
+ <h1 id="adding-ldap-authenciation">Adding LDAP Authenciation</h1>
+<h2 id="prerequisites-for-your-ldap-server">Prerequisites for your LDAP server:</h2>
+<ul>
+<li>SSL must be enabled on your LDAP server</li>
+<li>
+<p>An LDAP account that can look up these items for users:</p>
+<ul>
+<li>first name</li>
+<li>last name</li>
+<li>user id</li>
+<li>email (optional)</li>
+</ul>
+<p>This will be referred to as 'vcllookup' on
+this page. You can skip this step if anonymous binds are enabled on your LDAP server
+and an anonymous bind will be able to look up the listed items.
+* If your LDAP server is behind a firewall, you will need to allow your VCL web
+server to access tcp port 636 on your LDAP server</p>
+</li>
+</ul>
+<h2 id="prerequisites-for-your-vcl-web-server">Prerequisites for your VCL web server:</h2>
+<ul>
+<li><strong>php-ldap</strong> needs to be installed</li>
+<li>
+<p><strong>SSL certificate</strong> - If your LDAP server's SSL certificate is self-signed, your VCL web server needs
+to have the root CA certificate that was used to sign the LDAP server certificate
+installed. The PEM formatted certificate needs to be added to the ca-bundle.crt file.
+On CentOS, the file is located at /etc/pki/tls/certs/ca-bundle.crt
+(<a href="/docs/ldap-ca-bundle-ex.html">example</a>). The hostname in
+the certificate must match the hostname entered in the conf.php file further down.
+If your certificate does not have the correct hostname in it, you must put an entry
+in /etc/hosts for the hostname in the certificate (<a href="/docs/ldap-showhostname.html">viewing the hostname in the
+certificate</a>).</p>
+</li>
+<li>
+<p>After adding the certificate, restart httpd:</p>
+<p>service httpd restart</p>
+</li>
+<li>
+<p>You can verify that the certificate is properly installed using this command:</p>
+<p>openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt -connect
+your.ldap.server.here:636</p>
+<p>If you see "Verify return code: 0 (ok)" at the end of the output then it is
+installed correctly. If you see a different return code, then you'll need to
+troubleshoot the problem.
+<em> You may need to add a line to </em>/etc/openldap/ldap.conf* to point to the
+ca-bundle.crt file. If so, add the following:</p>
+<p>TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt</p>
+</li>
+</ul>
+<h2 id="adding-ldap-authentication-to-the-web-code">Adding LDAP Authentication to the Web Code</h2>
+<ul>
+<li>
+<p>You will need to manually add an entry to the affiliation table in the VCL
+database. Choose a name for the affiliation. This will be appended to all userids
+for the affiliation to distinguish them from other affiliations you may configure
+later. <em>Do not</em> use the Global affiliation for this. Initials or a short name of
+your organization are a good idea. The affiliation name cannot contain spaces. Use
+the following to add the affiliation, replacing 'EXAMPLE' with the name you chose.
+Take note of the id from the 2nd SQL statement as you will need it later. It is the
+numerical id for this affiliation.</p>
+<p>mysql vcl</p>
+<p>INSERT INTO affiliation (name) VALUES ('EXAMPLE');</p>
+<p>SELECT id FROM affiliation WHERE name = 'EXAMPLE';</p>
+<p>exit</p>
+</li>
+<li>
+<p>Edit <em>conf.php</em> and search for "EXAMPLE1 LDAP"</p>
+</li>
+<li>Uncomment the "EXAMPLE1 LDAP" section by removing the '/*' before it and the '*/'
+at the end of 'to use this login mechanism'</li>
+<li>Change 'EXAMPLE1 LDAP' to something to match your location, for example at NCSU,
+it is 'NCSU LDAP'. This string is what users will see where they select the
+authentication mechanism to use when logging in.</li>
+<li>Modify the following fields:<ul>
+<li><strong>server</strong> - this is the hostname of your LDAP server - this must match the
+hostname in the certificate.</li>
+<li><strong>binddn</strong> - typically, you'll want to use the base DN of your LDAP server; for
+Active Directory, this is usually dc= for each of your domain name components. For
+example, your your domain name was ad.example.org, it would be
+"dc=ad,dc=example,dc=org"</li>
+<li><strong>userid</strong> - this is a string that is added to the userid a user enters on the
+login page. Place a '%s' where the entered userid should go. Some examples are:<ul>
+<li>%s@example.org</li>
+<li>%s@ad.example.org</li>
+<li>uid=%s,ou=accounts,dc=example,dc=org'</li>
+</ul>
+</li>
+<li><strong>unityid</strong> - this is the ldap field that contains a user's login id (for Active
+Directory, this is usually sAMAccountName)</li>
+<li><strong>firstname</strong> - this is the ldap field that contains a user's first name</li>
+<li><strong>lastname</strong> - this is the ldap field that contains a user's last name</li>
+<li><strong>email</strong> - this is the ldap field that contains a user's email address</li>
+<li><strong>defaultemail</strong> - if an email address is not provided by the ldap server, this
+will be appended to the end of the userid to create an email address. In this case,
+email notifications will be disabled by default.</li>
+<li><strong>masterlogin</strong> - this is the vcllookup account referred to in the "Prerequisites
+for your LDAP server" section - comment out this line if using anonymous binds</li>
+<li><strong>masterpwd</strong> - password for the masterlogin account - comment out this line if
+using anonymous binds</li>
+<li><strong>affiliationid</strong> - this is the id from the SELECT statement in the first step</li>
+<li><strong>lookupuserbeforeauth</strong> - Some LDAP servers will only allow the full DN of a
+user to be used when authenticating. If this is the case, you will need to set this
+to 1 and set a value for <em>lookupuserfield</em>. You can probably start out with this set
+to 0. If your LDAP server has users in multiple containers, you will probably need
+to set this to 1. </li>
+<li><strong>lookupuserfield</strong> - If you need to set <em>lookupuserbeforeauth</em> to 1, set
+this to the attribute to use to search for the user in ldap. Typical values are 'cn',
+'uid', and 'samaccountname'.</li>
+<li><strong>help</strong> - this is some text that will show up on the page where users select the
+authentication method explaining why they would select this option</li>
+</ul>
+</li>
+<li>Uncomment the <em>require_once</em> line for <em>ldapauth.php</em> toward the bottom of the file</li>
+</ul>
+ </div>
+
+ <div id="footer">
+ <div class="copyright">
+ <p>
+ Copyright © 2012 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ <br />
+ Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </div>
+
+</body>
+</html>
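Review bot: The Markdown-to-HTML conversion broke two spots in the prerequisites lists of ldapauth.html. The firewall prerequisite appears as literal text, "* If your LDAP server is behind a firewall, you will need to allow your VCL web", inside the paragraph about the vcllookup account instead of as its own list item. In the web server section the emphasis is misplaced, "<em> You may need to add a line to </em>/etc/openldap/ldap.conf*", so the file name is not emphasized and a stray asterisk is shown. Both look like list or emphasis markers in the source that need their indentation or spacing fixed. The shell and SQL commands (service httpd restart, the openssl s_client line, the INSERT and SELECT statements, TLS_CACERT) are wrapped in plain <p> tags; the openssl command is split across two lines in the output, so a code block in the source would keep it copyable. Smaller points: the h1 and its id spell "Authenciation", the binddn item says "your your domain name was" where "if your domain name was" seems intended, and the third userid example ends with an unmatched single quote after dc=org. Since masterpwd places the lookup account's password in conf.php, it would also help to say in the masterlogin/masterpwd items that the account needs only read access to the listed attributes.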