Authentication | Users | Password |
---|---|---|
✔ | ✔ | |
This backend allows chaining authentication methods, for example to fall back to LDAP authentication if Remote authentication failed…
You have to use Multiple as the authentication module (this will also force Multiple for the users module). Then go to the Multiple parameters to define the modules to chain for authentication and users. Modules are separated by semicolons.
For example:
CAS;LDAP
If CAS fails, LDAP will be used.
You can also add a condition. Example:
Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/
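The following is an added example, not LemonLDAP::NG code: it parses a Multiple chain and lists, for each client address, the modules whose condition holds. It assumes conditions of the form `$ENV{VAR}=~/re/` or `$ENV{VAR}!~/re/` only; `parse_chain`, `eligible`, the `strict` chain and the sample addresses are constructed for illustration.

```perl
use strict;
use warnings;

# Split "Module#name condition;Module ..." into ordered entries. Assumption:
# only $ENV{VAR}=~/re/ and $ENV{VAR}!~/re/ are handled; the rest is rejected.
sub parse_chain {
    my ($chain) = @_;
    $chain =~ s/^\s+|\s+$//g;
    my @entries;
    for my $item ( grep { length } split /\s*;\s*/, $chain ) {
        my ( $id, $cond ) = split /\s+/, $item, 2;
        my %e = ( id => $id );
        if ( defined $cond ) {
            my ( $var, $op, $re ) = $cond =~ m{^\$ENV\{(\w+)\}\s*([=!]~)\s*/(.*)/$}
              or die "unsupported condition for $id: $cond\n";
            @e{qw(var negate re)} = ( $var, $op eq '!~', qr/$re/ );
        }
        push @entries, \%e;
    }
    return @entries;
}

# Module ids that would be tried, in chain order, for this environment.
sub eligible {
    my ( $env, @entries ) = @_;
    my @ids;
    for my $e (@entries) {
        if ( defined $e->{re} ) {
            my $hit = ( $env->{ $e->{var} } // '' ) =~ $e->{re};
            next if $e->{negate} ? $hit : !$hit;
        }
        push @ids, $e->{id};
    }
    return @ids;
}

# Chain from the page, plus a hypothetical variant limited to 192.168.0.0/16.
my %chains = (
    page   => 'Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/',
    strict => 'Remote $ENV{REMOTE_ADDR}=~/^192\.168\./;LDAP $ENV{REMOTE_ADDR}!~/^192\.168\./',
);
# Constructed sample addresses: private, documentation range, other private.
for my $label ( sort keys %chains ) {
    my @entries = parse_chain( $chains{$label} );
    for my $addr (qw(192.168.1.20 192.0.2.10 10.0.0.5)) {
        printf "%-6s %-13s -> %s\n", $label, $addr,
          join( ',', eligible( { REMOTE_ADDR => $addr }, @entries ) );
    }
}
```

With the page's `/^192/` condition, 192.0.2.10 is routed to Remote just like 192.168.1.20, because the pattern only constrains the first three characters; the stricter variant sends it to LDAP.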
DBI;LDAP
and DBI failed for authentication, it will try first to call LDAP as user database.
The Multiple system can:
To stack the same module several times, use “#name” with different names. Example:
LDAP#Openldap; LDAP#ActiveDirectory
Then you can have different parameters for each, stored in a Perl hash entry named multi:
multi => {
    'LDAP#Openldap' => {
        'ldapServer' => 'ldap1.example.com',
        'LDAPFilter' => '(uid=$user)',
    },
    'LDAP#ActiveDirectory' => {
        'ldapServer' => 'ldaps://ad.example.com',
        'LDAPFilter' => '(&(sAMAccountName=$user)(objectClass=person))',
    }
},
This key must be stored directly in lemonldap-ng.ini:
[portal]
multi = {'LDAP#Openldap'=>{'ldapServer'=>'ldap1.example.com','LDAPFilter'=>'(uid=$user)'},'LDAP#ActiveDirectory'=>{'ldapServer'=>'ldaps://ad.example.com','LDAPFilter'=>'(&(sAMAccountName=$user)(objectClass=person))'}}
When using this module, the LL::NG portal will be called only if Apache does not return “401 Authentication required”, but this is not the Apache behaviour: if the auth module fails, Apache returns 401.
To bypass this, follow the documentation of the AuthApache module.
To chain SSL, you have to set “SSLRequire optional” in the Apache configuration; otherwise users will be authenticated by SSL only.