2016-10-15 19:57:54 +02:00
<!DOCTYPE html>
< html lang = "fr" dir = "ltr" >
< head >
< meta http-equiv = "content-type" content = "text/html; charset=UTF-8" >
< meta charset = "utf-8" / >
2017-02-07 17:35:26 +01:00
< title > documentation:2.0:header_remote_user_conversion< / title > <!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else --><!-- //endif -->
2016-10-15 19:57:54 +02:00
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,header_remote_user_conversion" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "header_remote_user_conversion.html" / >
< link rel = "contents" href = "header_remote_user_conversion.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
2016-10-15 19:57:54 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : h e a d e r _ r e m o t e _ u s e r _ c o n v e r s i o n " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
2017-02-07 17:35:26 +01:00
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script > <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script > <!-- //endif --> <!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script > <!-- //endif -->
2017-02-07 17:35:26 +01:00
2016-10-15 19:57:54 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
< h1 class = "sectionedit1" id = "convert_http_header_into_environment_variable" > Convertir les en-têtes HTTP en variables d'environnement< / h1 >
< div class = "level1" >
2017-10-24 13:04:03 +02:00
< / div > <!-- EDIT1 SECTION "Convert HTTP header into environment variable" [1 - 61] -->
< h2 class = "sectionedit2" id = "apache" > Apache< / h2 >
< div class = "level2" >
2016-10-15 19:57:54 +02:00
< p >
Lorsque < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > est utilisé en mode reverse-proxy, la variable d'environnement < code > REMOTE_USER< / code > n'est pas renseignée. Toutefois, cette variable est renseignée par l'agent dans le serveur physique l'hébergeant mais pas dans les autres serveurs sans agents.
< / p >
< p >
Le < a href = "http://httpd.apache.org/docs/current/mod/mod_setenvif.html" class = "urlextern" title = "http://httpd.apache.org/docs/current/mod/mod_setenvif.html" rel = "nofollow" > module SetEnvIf< / a > d'Apache peut transformer l'en-tête HTTP Auth-User en variable d'environnement < code > REMOTE_USER< / code > :
< / p >
< pre class = "code file apache" > < span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > "(.*)"< / span > REMOTE_USER=$1< / pre >
< p >
Ceci permet de protéger des applications nécessitant la variable d'environnement < code > REMOTE_USER< / code > en mode reverse-proxy. Dans ce cas 2 fichiers de configuration Apache doivent être renseignés :
< / p >
< ul >
< li class = "level1" > < div class = "li" > le fichier de configuration d'Apache sur le reverse-proxy < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > (celui qui héberge l'agent < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > ):< / div >
< / li >
< / ul >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
PerlHeaderParserHandler Lemonldap::NG::Handler
< span class = "kw1" > ProxyPreserveHost< / span > < span class = "kw2" > on< / span >
< span class = "kw1" > ProxyPass< / span > / http://APPLICATION_IP/
< span class = "kw1" > ProxyPassReverse< / span > / http://APPLICATION_IP/
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< ul >
< li class = "level1" > < div class = "li" > le fichier de configuration d'Apache sur le serveur d'application (celui qui héberge l'application):< / div >
< / li >
< / ul >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
< span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > "(.*)"< / span > REMOTE_USER=$1
< span class = "kw1" > DocumentRoot< / span > /var/www/application
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< div class = "notetip" > Parfois, des applications PHP examinent également les variables d'environnement PHP_AUTH_USER et PHP_AUHT_PW. On peut les renseigner par la même voie :
< pre class = "code file apache" > < span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > "(.*)"< / span > PHP_AUTH_USER=$1
< span class = "kw1" > SetEnvIfNoCase< / span > Auth-Password < span class = "st0" > "(.*)"< / span > PHP_AUTH_PW=$1< / pre >
< p >
Bien sûr, il faut < a href = "passwordstore.html" class = "wikilink1" title = "documentation:2.0:passwordstore" > stocker le mot-de-passe dans la session< / a > pour renseigner PHP_AUTH_PW.
< / p >
< / div >
2017-10-24 13:04:03 +02:00
< / div > <!-- EDIT2 SECTION "Apache" [62 - 1756] -->
< h2 class = "sectionedit3" id = "nginx" > Nginx< / h2 >
< div class = "level2" >
< p >
Nginx doesn't launch directly PHP pages (or other languages): it dials with FastCGI servers (like php-fpm). As you can see in examples, it's easy to map a LLNG header to a fastcgi param. Exemple :
< / p >
< pre class = "code file nginx" > auth_request_set $authuser $upstream_http_auth_user;
fastcgi_param HTTP_MYVAR $authuser;< / pre >
< / div > <!-- EDIT3 SECTION "Nginx" [1757 - ] -->
2016-10-15 19:57:54 +02:00
< / div >
< / body >
< / html >