Posted to commits@whimsical.apache.org by se...@apache.org on 2022/12/19 23:38:15 UTC

[whimsy] branch master updated: Rework Docker build to work with LDAP auth

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 53991090 Rework Docker build to work with LDAP auth
53991090 is described below

commit 539910906d78b5432e748e13adf64d2d770a2669
Author: Sebb <se...@apache.org>
AuthorDate: Mon Dec 19 23:38:07 2022 +0000

    Rework Docker build to work with LDAP auth
    
    N.B. ldap.rb also needs to be updated before deployment
---
 DOCKER.md                                         |  8 +--
 Dockerfile                                        | 21 ++----
 Rakefile                                          | 67 ++++++++++++++++++
 docker-config/25-authz_ldap_group_membership.conf | 16 +++--
 docker-config/whimsy.conf                         | 84 +++++++++++++++++------
 5 files changed, 152 insertions(+), 44 deletions(-)

diff --git a/DOCKER.md b/DOCKER.md
index 23208c24..d4f9b6ef 100644
--- a/DOCKER.md
+++ b/DOCKER.md
@@ -58,6 +58,8 @@ Installation instructions
       be visible to the container.
 * `cd` into that directory
 * `echo ":root: ." >.whimsy`
+* `echo ":whimsy_dn: dn-to-be-used-for-whimsy LDAP access" >>.whimsy`
+* `echo ":httpd_dn: dn-to-be-used-for-httpd LDAP access" >>.whimsy` # defaults to whimsy_dn
 * `git clone git@github.com:apache/whimsy.git` OR
 * `git clone https://github.com/apache/whimsy.git` (whichever works best for you)
 * `create .bash_aliases` if required - this will be picked up by the root user
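Review bot: the new `.whimsy` steps leave out the `:ldap:` host list that the Rakefile's `ldap_setup` insists on (`raise "ERROR: Must define :ldap in ../.whimsy" unless hosts`), so a reader who follows only these instructions gets a container that fails at startup. Add a step for it here, listing the hosts the removed Dockerfile line used (ldaps://ldap-us.apache.org and ldaps://ldap-eu.apache.org, with `:636` if the old AuthLDAPUrl form is to be reproduced) in whatever shape `ASF::Config.get(:ldap)` returns; `ldap_setup` joins the entries with spaces and strips `ldaps://`, so a YAML list of URLs is what it expects. The placeholder text `dn-to-be-used-for-whimsy LDAP access` also reads as if it were a literal value; something like `":whimsy_dn: <DN to bind as for whimsy LDAP access>"` makes it obvious what to substitute.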
@@ -65,7 +67,7 @@ Installation instructions
 * Start Docker if necessary: `$ open /Applications/Docker.app`
 * `rake docker:update` # this runs docker:build and updates any Gems
 * `rake svn:update git:pull` # This updates the Whimsy data sources
-* `rake docker:up`
+* `rake docker:up` # This prompts for LDAP Bind password
 * visit `http://localhost:1999/` in your favorite browser
 
 To get a shell on the container, open a terminal console in the work directory
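Review bot: `# This prompts for LDAP Bind password` understates what `rake docker:up` now does. `ldap_init` prompts for the `:whimsy_dn:` password and, when `:httpd_dn:` is set, for a second one, then writes both DN/password pairs to `../.ldap_whimsy.tmp` and `../.ldap_httpd.tmp` (mode 0600) in the work directory, where the container entrypoint reads and deletes them. Say that here so users know a second prompt may appear and where the secrets sit on the host if `docker-compose up` fails before the entrypoint runs.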
@@ -100,10 +102,6 @@ The `docker-compose.yml` has the following mounts:
 container path      host path
 /srv                directory chosen in step 1
 
-These are currently disabled, see https://github.com/apache/whimsy/issues/119
-/root/.subversion   $HOME/.subversion
-/root/.ssh          $HOME/.ssh
-
 You can edit the files in these directories using your host tools.
 If any of the configuration files under .subversion etc contain absolute references to
 files (such as CA certificates), these will need to be fixed somehow (e.g. create links on
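Review bot: with the `/root/.subversion` and `/root/.ssh` mount lines removed, the sentence that follows ("If any of the configuration files under .subversion etc contain absolute references to files (such as CA certificates), these will need to be fixed") now refers to mounts this document no longer describes, and "these directories" in the preceding line is left pointing at a single `/srv` entry. Either drop the `.subversion` sentence or state where those configuration files are expected to live now.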
diff --git a/Dockerfile b/Dockerfile
index 9ec2f516..a772245e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -81,27 +81,20 @@ RUN DEBIAN_FRONTEND='noninteractive' apt-get install -y libyaml-dev
 # chown root:root /usr/bin/chromedriver
 # chmod +x /usr/bin/chromedriver
 
-# This should be last, as the source is likely to change
-# It also takes very little time, so it does not matter if it has to be redone
-# N.B. These files need to be allowed in the .dockerignore file
-COPY docker-config/whimsy.conf /etc/apache2/sites-enabled/000-default.conf
-COPY docker-config/25-authz_ldap_group_membership.conf /etc/apache2/conf-enabled/25-authz_ldap_group_membership.conf
-
-# Define the LDAP hosts; must agree with those used in the above HTTPD files or TLS cert problems may occur
-RUN echo "uri ldaps://ldap-us.apache.org ldaps://ldap-eu.apache.org" >>/etc/ldap/ldap.conf
-
 # Allow www-data user to use Git repo owned by root
 COPY docker-config/gitconfig-www /var/www/.gitconfig
 
 # disable security check and telemetry
-RUN sed -i -e '$i  PassengerDisableSecurityUpdateCheck on' /etc/apache2/conf-enabled/passenger.conf
-RUN sed -i -e '$i  PassengerDisableAnonymousTelemetry on' /etc/apache2/conf-enabled/passenger.conf
-
 # Must use the same user and group as apache
-RUN sed -i -e '$i  PassengerUser www-data' /etc/apache2/conf-enabled/passenger.conf
-RUN sed -i -e '$i  PassengerGroup www-data' /etc/apache2/conf-enabled/passenger.conf
+RUN sed -i -e '$i  PassengerDisableSecurityUpdateCheck on' /etc/apache2/conf-enabled/passenger.conf && \
+    sed -i -e '$i  PassengerDisableAnonymousTelemetry on' /etc/apache2/conf-enabled/passenger.conf && \
+    sed -i -e '$i  PassengerUser www-data' /etc/apache2/conf-enabled/passenger.conf && \
+    sed -i -e '$i  PassengerGroup www-data' /etc/apache2/conf-enabled/passenger.conf
 
 WORKDIR /srv/whimsy
+RUN git config --global --add safe.directory /srv/whimsy
 EXPOSE 80
 
+# Note: the httpd and LDAP config is now done in the container as part of startup
+# This is to avoid storing any credentials in the image
 CMD ["/usr/local/bin/rake", "docker:entrypoint"]
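Review bot: the `uri ldaps://...` line appended to /etc/ldap/ldap.conf is dropped, but nothing in the new `ldap_setup` writes a replacement, and the removed comment warned that the libldap hosts "must agree with those used in the above HTTPD files or TLS cert problems may occur". If the Ruby LDAP client still takes its defaults from ldap.conf, have `ldap_setup` render that file from the same `:ldap` list it feeds to the templates; if it no longer does (the commit message says ldap.rb is changing too), note that in the commit so the warning is not silently lost. Separately, `git config --global --add safe.directory /srv/whimsy` only affects root; www-data gets its own `.gitconfig` from the `COPY docker-config/gitconfig-www` line above, so confirm that file carries the equivalent entry if www-data runs git in /srv/whimsy.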
diff --git a/Rakefile b/Rakefile
index 359fbce8..f76108a4 100644
--- a/Rakefile
+++ b/Rakefile
@@ -370,6 +370,71 @@ task :default do
   end
 end
 
+# Temporary files used to propagate settings into container
+LDAP_HTTPD_PATH = '../.ldap_httpd.tmp'
+LDAP_WHIMSY_PATH = '../.ldap_whimsy.tmp'
+
+def ldap_init
+  $LOAD_PATH.unshift 'lib'
+  require 'io/console' # cannot prompt from container, so need to do this upfront
+  require 'whimsy/asf/config'
+
+  whimsy_dn = ASF::Config.get(:whimsy_dn) or raise "ERROR: Must provide whimsy_dn value in .whimsy"
+  whimsy_pw = $stdin.getpass("password for #{whimsy_dn}: ")
+  raise "ERROR: Password is required" unless whimsy_pw.size > 1
+
+  httpd_dn = ASF::Config.get(:httpd_dn)
+  if httpd_dn
+    httpd_pw = $stdin.getpass("password for #{httpd_dn}: ")
+    raise "ERROR: Password is required" unless httpd_pw.size > 1
+  else # default to whimsy credentials
+    httpd_dn = whimsy_dn
+    httpd_pw = whimsy_pw
+  end
+  File.open(LDAP_HTTPD_PATH, "w", 0o600) do |w|
+    w.puts httpd_dn
+    w.puts httpd_pw
+  end
+  File.open(LDAP_WHIMSY_PATH, "w", 0o600) do |w|
+    w.puts whimsy_dn
+    w.puts whimsy_pw
+  end
+end
+
+# Process template files replacing variable references
+def filter(src, dst, ldaphosts, ldapbinddn, ldapbindpw)
+  require 'erb'
+  template = ERB.new(File.read(src))
+  File.open(dst, "w") do |w|
+    w.write(template.result(binding))
+  end
+end
+
+# Set up LDAP items in container context
+def ldap_setup
+  FileUtils.cp LDAP_WHIMSY_PATH, '/srv/ldap.txt'
+  FileUtils.rm_f LDAP_WHIMSY_PATH # remove work file
+
+  ldapbinddn = ldapbindpw = nil
+  File.open(LDAP_HTTPD_PATH, 'r') do |r|
+    ldapbinddn = r.readline.strip
+    ldapbindpw = r.readline.strip
+  end
+  FileUtils.rm_f LDAP_HTTPD_PATH # remove work file
+
+  $LOAD_PATH.unshift 'lib'
+  require 'whimsy/asf/config'
+  hosts = ASF::Config.get(:ldap)
+  raise "ERROR: Must define :ldap in ../.whimsy" unless hosts
+
+  ldaphosts = hosts.join(" ").gsub('ldaps://', '')
+  
+  filter('docker-config/whimsy.conf',
+    '/etc/apache2/sites-enabled/000-default.conf', ldaphosts, ldapbinddn, ldapbindpw)
+  filter('docker-config/25-authz_ldap_group_membership.conf',
+    '/etc/apache2/conf-enabled/25-authz_ldap_group_membership.conf', ldaphosts, ldapbinddn, ldapbindpw)
+end
+
 # Docker support
 namespace :docker do
   task :build do
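Review bot: `filter` pastes the bind password into httpd config verbatim inside double quotes (`AuthLDAPBindPassword "<%= ldapbindpw%>"`), so a password containing `"` ends the quoted string early and yields either a config httpd refuses to load or a truncated credential; `ldap_init` should reject such input up front (e.g. `raise "ERROR: password contains a double quote, which httpd config cannot carry" if whimsy_pw.include?('"')`) rather than letting the failure surface at startup. While there, `whimsy_pw.size > 1` rejects one-character passwords but accepts two-character ones; `raise ... if whimsy_pw.empty?` is what the message "Password is required" describes. Also, `ldap_setup` copies the whimsy DN and password to `/srv/ldap.txt`, and per DOCKER.md `/srv` is the host directory bind-mounted into the container, so unlike the two `.tmp` files this plaintext credential file lands in the host work directory and is never removed; either keep it inside the container filesystem or document that it persists on the host.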
@@ -383,6 +448,7 @@ namespace :docker do
   end
 
   task :up do
+    ldap_init # create LDAP config data files
     sh 'docker-compose up'
   end
 
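Review bot: `ldap_init` writes the two `.tmp` credential files and then hands off to `sh 'docker-compose up'`; if compose fails to create or start the container, or the user interrupts it, the entrypoint never reaches `ldap_setup` and the files stay behind on the host with passwords in them. Wrap the call so they are cleaned up whatever the outcome, e.g. `begin; sh 'docker-compose up'; ensure FileUtils.rm_f [LDAP_HTTPD_PATH, LDAP_WHIMSY_PATH]; end`; by the time `docker-compose up` returns the container has either consumed them or never started.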
@@ -452,6 +518,7 @@ namespace :docker do
       ln_s '/srv/.bash_aliases', '/root/.bash_aliases'
     end
 
+    ldap_setup # set up LDAP entries in container
   end
 
   # This is the entrypoint in the Dockerfile so runs in the container
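Review bot: `ldap_setup` unconditionally copies `../.ldap_whimsy.tmp` and opens `../.ldap_httpd.tmp`, both of which it deletes on first use, so any later run of this task without a fresh `rake docker:up` (a plain container restart, for instance) raises ENOENT before httpd starts. Guard it: skip the LDAP step when both `.tmp` files are absent and the rendered `/etc/apache2/sites-enabled/000-default.conf` already exists, or fail with a message that tells the user to rerun `rake docker:up`.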
diff --git a/docker-config/25-authz_ldap_group_membership.conf b/docker-config/25-authz_ldap_group_membership.conf
index c6c1f22c..7611ee33 100644
--- a/docker-config/25-authz_ldap_group_membership.conf
+++ b/docker-config/25-authz_ldap_group_membership.conf
@@ -1,6 +1,8 @@
 # LDAP alias: ASF member
 <AuthzProviderAlias ldap-group ldap-alias-member cn=member,ou=groups,dc=apache,dc=org>
-   AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+   AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+   AuthLDAPBindDN <%= ldapbinddn%>
+   AuthLDAPBindPassword "<%= ldapbindpw%>"
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN Off
    AuthLDAPMaxSubGroupDepth 0
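Review bot: `AuthLDAPBindDN <%= ldapbinddn%>` is rendered unquoted while the password on the next line is quoted; a DN with a space in a component (common in `cn=` values) will be split by httpd's config parser. Quote it, `AuthLDAPBindDN "<%= ldapbinddn %>"`, here and in the other three aliases and in whimsy.conf. Note also that the template hardcodes the `ldaps://` scheme while `ldap_setup` strips only `ldaps://` from the `:ldap` entries, so an `ldap://host` entry would render as `ldaps://ldap://host/...`; either strip any scheme or reject non-ldaps entries in `ldap_setup` so plaintext LDAP cannot be introduced by a typo in `.whimsy`.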
@@ -8,7 +10,9 @@
 
 # LDAP alias: ASF committer
 <AuthzProviderAlias ldap-group ldap-alias-committer cn=committers,ou=role,ou=groups,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -16,7 +20,9 @@
 
 # LDAP alias: PMC chair
 <AuthzProviderAlias ldap-group ldap-alias-pmc-chair cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -24,7 +30,9 @@
 
 # LDAP alias: Incubator PMC
 <AuthzProviderAlias ldap-group ldap-alias-incubator-pmc cn=incubator,ou=project,ou=groups,dc=apache,dc=org>
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636 ldap-eu.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute owner
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
diff --git a/docker-config/whimsy.conf b/docker-config/whimsy.conf
index d0f0c67e..df5ba3b1 100644
--- a/docker-config/whimsy.conf
+++ b/docker-config/whimsy.conf
@@ -176,7 +176,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Committers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
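Review bot: the bind password is now rendered into /etc/apache2/sites-enabled/000-default.conf in this block and in every block below, and `filter` opens the destination with `File.open(dst, "w")`, i.e. the default umask mode, typically 0644, readable by every user in the container including www-data, which is the user Passenger runs the application as per the Dockerfile. httpd parses its configuration as root before switching to www-data, so passing `0o600` (as `ldap_init` already does for the `.tmp` files) costs nothing and keeps the credential out of reach of application code. One observation rather than a problem: this vhost previously pointed at `ldap-us.apache.org:636` only while the alias file listed both hosts; rendering both files from the same `:ldap` list removes that mismatch.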
@@ -187,7 +189,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Committers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -198,7 +202,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Committers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -209,7 +215,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Committers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -220,7 +228,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Committers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -235,7 +245,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF committer"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   Require ldap-alias-committer
 </Directory>
 
@@ -243,14 +255,18 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   Require ldap-alias-member
 </Directory>
 
 <Directory /srv/whimsy/www/test/incubator>
   AuthType Basic
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthName "Incubator PMC"
   Require ldap-alias-incubator-pmc
 </Directory>
@@ -259,7 +275,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Incubator PMC"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   <RequireAny>
     Require ldap-alias-member
     Require ldap-alias-incubator-pmc
@@ -270,7 +288,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Incubator PMC"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -281,7 +301,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Incubator PMC"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -292,7 +314,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Officers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -303,7 +327,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Officers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -314,7 +340,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Officers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -325,7 +353,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members and Officers"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -343,7 +373,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off
   AuthLDAPMaxSubGroupDepth 0
@@ -354,7 +386,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off
   AuthLDAPMaxSubGroupDepth 0
@@ -365,7 +399,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Members"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off
   AuthLDAPMaxSubGroupDepth 0
@@ -376,7 +412,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Infrastructure Team"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -387,7 +425,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Secretarial Team"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0
@@ -401,7 +441,9 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   AuthType Basic
   AuthName "ASF Secretarial Team"
   AuthBasicProvider ldap
-  AuthLDAPUrl "ldaps://ldap-us.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPUrl "ldaps://<%= ldaphosts%>/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPBindDN <%= ldapbinddn%>
+  AuthLDAPBindPassword "<%= ldapbindpw%>"
   AuthLDAPGroupAttribute member
   AuthLDAPGroupAttributeIsDN on
   AuthLDAPMaxSubGroupDepth 0