Installing the LemonLDAP Handler on SME
In some cases you may want to install only the LemonLDAP::NG handler on an SME server (when a central LemonLDAP server already exists). In that case, proceed as follows:
yum --enablerepo=epel --enablerepo=fws install lemonldap-ng-handler smeserver-webapps-common
All that remains is to put a few templates-custom in place:
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/
cat <<'EOF' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/97LemonLDAPHandler
#====================================================================
# Apache configuration for LemonLDAP::NG Handler
#====================================================================

# Load LemonLDAP::NG Handler
PerlOptions +GlobalRequest
PerlRequire /var/lib/lemonldap-ng/handler/MyHandler.pm

# Common error page and security parameters
#ErrorDocument 403 http://auth.{$DomainName}/?lmError=403
#ErrorDocument 500 http://auth.{$DomainName}/?lmError=500

# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /lm-reload>
    SSLRequireSSL on
    Order deny,allow
    Deny from all
    Allow from {"$localAccess $externalSSLAccess";}
    PerlHeaderParserHandler My::Package->refresh
</Location>
EOF

cat <<'EOF' > /etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/05LemonLDAPHandler
{
if (($domain->prop('LemonLDAP') || 'disabled') eq 'enabled'){
    $OUT .= " # This virtualhost is configured to be protected by LemonLDAP NG\n" .
            " PerlHeaderParserHandler My::Package\n" .
            " ErrorDocument 403 https://auth.$DomainName/?lmError=403\n" .
            " ErrorDocument 500 https://auth.$DomainName/?lmError=500\n";
}
}
EOF
All that remains is to edit (by hand, there are no templates for it) the configuration file /etc/lemonldap-ng/lemonldap-ng.ini, for example:
- lemonldap-ng.ini
[all]

[configuration]
type = SOAP
proxy = https://lemonsoap:GKpyKjCRYRc3zgd8AzUBzM9lREP4tqibfQ7f5m@soapsso.domain.tld/index.pl/config
proxyOptions = { timeout => 5 }
localStorage=Cache::FileCache
localStorageOptions={ 'namespace' => 'LemonLDAPng', 'default_expires_in' => 600, 'directory_umask' => '007', 'cache_root' => '/tmp', 'cache_depth' => 5, }
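
The proxy URL in this file carries the SOAP account's password, so the file's permissions matter as much as the https scheme. A small audit for those two points, as an added example that is not part of the original page or of LemonLDAP::NG; the function names, the finding labels and the sample password are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original page): audit the [configuration]
# section of a handler lemonldap-ng.ini that uses "type = SOAP".

# ini_get FILE SECTION KEY -> prints the first value of KEY in [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
        insec {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next      # e.g. proxyOptions is not proxy
            sub(/^[ \t]*=[ \t]*/, "", rest); sub(/[ \t\r]+$/, "", rest)
            print rest; exit
        }' "$1"
}

# audit_handler_ini FILE -> prints one finding per line, nothing if clean
audit_handler_ini() {
    proxy=$(ini_get "$1" configuration proxy)
    if [ "$(ini_get "$1" configuration type)" = SOAP ]; then
        case $proxy in
            https://*) ;;
            *) echo "proxy-not-https" ;;
        esac
    fi
    # userinfo is whatever precedes "@" in the authority part of the URL
    authority=${proxy#*://}; authority=${authority%%/*}
    case $authority in
        *:*@*)
            echo "password-in-proxy-url"
            # a file holding a password must give "other" no access
            other=$(ls -ld "$1" | cut -c8-10)
            if [ "$other" != "---" ]; then echo "ini-readable-by-others"; fi ;;
    esac
}

# Constructed sample (placeholder password), shaped like the file above
demo_ini=$(mktemp)
cat > "$demo_ini" <<'EOF'
[all]
[configuration]
type = SOAP
proxy = https://lemonsoap:CONSTRUCTED-PASSWORD@soapsso.domain.tld/index.pl/config
proxyOptions = { timeout => 5 }
EOF
chmod 644 "$demo_ini"
audit_handler_ini "$demo_ini"   # on a real host: /etc/lemonldap-ng/lemonldap-ng.ini
rm -f "$demo_ini"
```

On the constructed sample the audit reports the embedded password and the world-readable mode; after tightening the file mode so "other" has no access, only the first finding remains.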