Drupal

Presentation

Drupal is a CMS written in PHP. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: Webserver_auth.

Integration with LemonLDAP::NG

On Drupal side

Install Webserver_auth module, by downloading it, and unarchive it in the drupal modules/ directory.

Then go on administration interface and enable the module.

On LemonLDAP::NG side

Declare a VirtualHost in Apache for Drupal and active SSO, for example:

<VirtualHost *>
    ServerName drupal.example.com

# SSO protection PerlHeaderParserHandler My::Package

# DocumentRoot DocumentRoot /var/www/html/drupal/ DirectoryIndex index.php

LogLevel warn ErrorLog /var/log/httpd/drupal-error.log CustomLog /var/log/httpd/drupal-access.log combined </VirtualHost>

Then add this host in LemonLDAP::NG Manager.

If you are using LemonLDAP::NG as proxy, you can use this in your Druapl Apache configuration:

SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1


You can also catch the logout page with this rule:

q=logout => logout_app_sso

Protect only the administration pages



With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.

Drupal navigation is based on query strings (?q=admin, ?q=user, etc.).

You can create a special vhost and use mod_rewrite to witch between open and protected hosts:

<VirtualHost *>
    ServerName drupal.example.com

# DocumentRoot DocumentRoot /var/www/html/drupal/ DirectoryIndex index.php

# Redirect admin pages RewriteEngine On RewriteCond %{QUERY_STRING} q=(admin|user) RewriteRule ^/(.*)$ http://drupaladmin.example.com/$1 [R]

LogLevel warn ErrorLog /var/log/httpd/drupal-error.log CustomLog /var/log/httpd/drupal-access.log combined </VirtualHost> <VirtualHost *> ServerName admindrupal.example.com

# SSO protection PerlHeaderParserHandler My::Package

# DocumentRoot DocumentRoot /var/www/html/drupal/ DirectoryIndex index.php

LogLevel warn ErrorLog /var/log/httpd/admindrupal-error.log CustomLog /var/log/httpd/admindrupal-access.log combined </VirtualHost>