Posted to commits@whimsical.apache.org by se...@apache.org on 2019/12/12 12:50:52 UTC
[whimsy] branch master updated: Add auth test settings
This is an automated email from the ASF dual-hosted git repository.
sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git
The following commit(s) were added to refs/heads/master by this push:
new 4624c80 Add auth test settings
4624c80 is described below
commit 4624c8066da1c45b5bfa4bf7ec5c83fc262c3ac2
Author: Sebb <se...@apache.org>
AuthorDate: Thu Dec 12 12:50:30 2019 +0000
Add auth test settings
---
Rakefile | 6 +++++-
config/25-authz_ldap_group_membership.conf | 27 +++++++++++++++++++++++++++
config/setupmymac | 13 +++++++++++++
config/whimsy.conf | 27 +++++++++++++++++++++++++++
docker/Dockerfile | 1 +
5 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 530f772..dc9a953 100644
--- a/Rakefile
+++ b/Rakefile
@@ -320,7 +320,7 @@ end
# Docker support
namespace :docker do
- task :build => 'docker/work/whimsy.conf' do
+ task :build => ['docker/work/whimsy.conf', 'docker/work/25-authz_ldap_group_membership.conf'] do
Dir.chdir File.join(__dir__, 'docker') do
sh 'docker-compose build web'
end
@@ -403,3 +403,7 @@ end
file 'docker/work/whimsy.conf' => ['docker/work', 'config/whimsy.conf'] do
cp 'config/whimsy.conf', 'docker/work/whimsy.conf'
end
+
+file 'docker/work/25-authz_ldap_group_membership.conf' => ['docker/work', 'config/25-authz_ldap_group_membership.conf'] do
+ cp 'config/25-authz_ldap_group_membership.conf', 'docker/work/25-authz_ldap_group_membership.conf'
+end
diff --git a/config/25-authz_ldap_group_membership.conf b/config/25-authz_ldap_group_membership.conf
new file mode 100644
index 0000000..c78cdf2
--- /dev/null
+++ b/config/25-authz_ldap_group_membership.conf
@@ -0,0 +1,27 @@
+# LDAP alias: ASF member
+<AuthzProviderAlias ldap-group ldap-alias-member cn=member,ou=groups,dc=apache,dc=org>
+ AuthLDAPurl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPGroupAttribute memberUid
+ AuthLDAPGroupAttributeIsDN Off
+</AuthzProviderAlias>
+
+# LDAP alias: ASF committer
+<AuthzProviderAlias ldap-group ldap-alias-committer cn=committers,ou=role,ou=groups,dc=apache,dc=org>
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPGroupAttribute member
+ AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
+
+# LDAP alias: PMC chair
+<AuthzProviderAlias ldap-group ldap-alias-pmc-chair cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org>
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPGroupAttribute member
+ AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
+
+# LDAP alias: Incubator PMC
+<AuthzProviderAlias ldap-group ldap-alias-incubator-pmc cn=incubator,ou=project,ou=groups,dc=apache,dc=org>
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ AuthLDAPGroupAttribute owner
+ AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
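Review bot: The first alias spells its directives `AuthLDAPurl` and `AuthLDAPGroupAttributeIsDN Off` while the other three use `AuthLDAPUrl` and `on`; httpd matches these case-insensitively, so the file loads, but a case-sensitive search for `AuthLDAPUrl` when auditing which LDAP endpoints gate access would miss the member alias. The same `ldaps://` URL is also repeated in all four aliases, so a later host change could leave one group checked against a stale server; a single `Define` referenced from each alias would keep them in step. A header comment would help too, for example `# Defines the ldap-alias-* authz providers named by Require lines in whimsy.conf; presumably has to be loaded before that vhost is parsed`.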
diff --git a/config/setupmymac b/config/setupmymac
index 224c917..770e3a8 100755
--- a/config/setupmymac
+++ b/config/setupmymac
@@ -537,6 +537,19 @@ then
restart_apache = true
end
+confd_source = "#{WHIMSY}/config/25-authz_ldap_group_membership.conf"
+confd_target = '/private/etc/apache2/other/conf-enabled/25-authz_ldap_group_membership.conf'
+if
+ not File.exist?(confd_target) or
+ File.read(confd_target) != File.read(confd_source)
+then
+ sudo do
+ run 'cp', confd_source, confd_target
+ end
+
+ restart_apache = true
+end
+
### Make applications restart on change
if not $root and force[:toucher] != nil
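Review bot: The `cp` into `/private/etc/apache2/other/conf-enabled/` assumes that directory already exists and is pulled in by an `Include`. Nothing in this hunk creates it, though the earlier part of the script is outside the hunk and may already do so. If it does not, either the copy fails or the file lands where httpd never reads it, and the `Require ldap-alias-*` lines added to whimsy.conf would then name providers that were never defined. A guard such as `run 'mkdir', '-p', File.dirname(confd_target)` inside the `sudo do` block before the copy, plus a one-line comment naming the Include that picks the file up, would make the dependency explicit.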
diff --git a/config/whimsy.conf b/config/whimsy.conf
index 8e1bf1d..02e83a7 100644
--- a/config/whimsy.conf
+++ b/config/whimsy.conf
@@ -317,4 +317,31 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
</RequireAny>
</LocationMatch>
+<Directory /srv/whimsy/www/test/member>
+ AuthType Basic
+ AuthName "ASF Members"
+ AuthBasicProvider ldap
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ Require ldap-alias-member
+</Directory>
+
+<Directory /srv/whimsy/www/test/incubator>
+ AuthType Basic
+ AuthName "Incubator PMC"
+ AuthBasicProvider ldap
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ Require ldap-alias-incubator-pmc
+</Directory>
+
+<Directory /srv/whimsy/www/test/member-incubator>
+ AuthType Basic
+ AuthName "ASF Members and Incubator PMC"
+ AuthBasicProvider ldap
+ AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+ <RequireAny>
+ Require ldap-alias-member
+ Require ldap-alias-incubator-pmc
+ </RequireAny>
+</Directory>
+
</VirtualHost>
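Review bot: The three new `<Directory>` blocks use `AuthType Basic` backed by LDAP, so every request carries the user's ASF password base64-encoded in a header, and nothing in the hunk ties these paths to TLS. The vhost's opening lines are outside the hunk, but the Dockerfile in this commit installs this file as the default site and exposes only port 80. If plain HTTP can reach these paths, wrapping the group checks in a `<RequireAll>` together with `Require ssl` (or adding `SSLRequireSSL`) would make them fail closed; otherwise a comment stating that TLS is terminated upstream would record the assumption. It would also help to mark the blocks as fixtures, e.g. `# Test-only paths exercising the ldap-alias-* providers from 25-authz_ldap_group_membership.conf`.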
diff --git a/docker/Dockerfile b/docker/Dockerfile
index d256271..042d09f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -63,6 +63,7 @@ RUN DEBIAN_FRONTEND='noninteractive' apt-get install -y ldap-utils
# This should be last, as the source is likely to change
# It also takes very little time, so it does not matter if it has to be redone
COPY work/whimsy.conf /etc/apache2/sites-enabled/000-default.conf
+COPY work/25-authz_ldap_group_membership.conf /etc/apache2/conf-enabled/25-authz_ldap_group_membership.conf
WORKDIR /srv/whimsy
EXPOSE 80