Authentication | Users | Password |
---|---|---|
✔ | ✔ |
This backend allows chaining authentication methods, for example to fall back to LDAP authentication if Remote authentication fails…
You have to use Multiple as the authentication module (this will also force Multiple for the users module). Then go to the Multiple parameters to define the modules to chain for authentication and users. Modules are separated by semicolons.
For example:
CAS;LDAP
If CAS fails, LDAP will be used.
A condition can be added. Example:
Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/
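The condition syntax above, modelled as an added example (a simplified sketch, not LemonLDAP::NG's own code): it splits a chain on semicolons and evaluates each condition against a constructed REMOTE_ADDR. The helper names and the anchored `/^192\.168\./` chain are assumptions made for the comparison; `/^192/` matches any address whose text starts with 192, including 192.0.2.10, which is outside 192.168.0.0/16.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split "Module[#name] [condition];..." into ordered entries.
# Simplification: a ';' inside a condition is not supported here.
sub parse_chain {
    my ($chain) = @_;
    my @entries;
    for my $item ( split /;/, $chain ) {
        next unless $item =~ /^\s*(\S+)\s*(.*?)\s*$/;
        push @entries, { id => $1, cond => $2 };
    }
    return @entries;
}

# Return the module ids whose condition holds for this client address.
sub eligible_modules {
    my ( $chain, $remote_addr ) = @_;
    local $ENV{REMOTE_ADDR} = $remote_addr;
    my @ok;
    for my $e ( parse_chain($chain) ) {
        my $pass = 1;    # no condition: the module is always tried
        if ( length $e->{cond} ) {
            # Conditions are Perl expressions, so they are evaluated as code;
            # feed this sketch trusted configuration only.
            $pass = eval $e->{cond};
            die "bad condition for $e->{id}: $@" if $@;
        }
        push @ok, $e->{id} if $pass;
    }
    return @ok;
}

# Chain from the page, and an anchored variant (assumption: the intent
# is to select clients in 192.168.0.0/16).
my $page_chain = 'Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/';
my $anchored_chain =
  'Remote $ENV{REMOTE_ADDR}=~/^192\.168\./;LDAP $ENV{REMOTE_ADDR}!~/^192\.168\./';

# Constructed sample client addresses.
for my $ip (qw(192.168.1.20 192.0.2.10 10.0.0.5)) {
    printf "%-13s page chain: %-7s anchored chain: %s\n", $ip,
      join( ';', eligible_modules( $page_chain,     $ip ) ),
      join( ';', eligible_modules( $anchored_chain, $ip ) );
}
```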
DBI;LDAP
and DBI failed for authentication, it will try first to call LDAP as user database.
The Multiple system can:
To stack the same module several times, use “#name” with different names. Example:
LDAP#Openldap; LDAP#ActiveDirectory
Then you can have different parameters for each, stored in a Perl hash entry named multi:
multi => {
    'LDAP#Openldap' => {
        'ldapServer' => 'ldap1.example.com',
        'LDAPFilter' => '(uid=$user)',
    },
    'LDAP#ActiveDirectory' => {
        'ldapServer' => 'ldaps://ad.example.com',
        'LDAPFilter' => '(&(sAMAccountName=$user)(objectClass=person))',
    }
},
This key must be stored directly in lemonldap-ng.ini:
[portal]
multi = {'LDAP#Openldap'=>{'ldapServer'=>'ldap1.example.com','LDAPFilter'=>'(uid=$user)'},'LDAP#ActiveDirectory'=>{'ldapServer'=>'ldaps://ad.example.com','LDAPFilter'=>'(&(sAMAccountName=$user)(objectClass=person))'}}
When using this module, the LL::NG portal is called only if Apache does not return “401 Authentication required”, so no fallback is possible.
To work around this, follow the documentation of the AuthApache module.
To chain SSL, you have to set “SSLRequire optional” in the Apache configuration; otherwise users will be authenticated by SSL only.