<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr">
<head>
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 25 March 2009), see www.w3.org" />

<title>Lemonldap::NG documentation: 5-Appli-Drupal.html</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii" />
<style type="text/css">
/*<![CDATA[*/
body{
  background: #ddd;
  font-family: sans-serif;
  font-size: 11pt;
  padding: 0 50px;
}
div.main-content{
  padding: 10px;
  background: #fff;
  border: 2px #ccc solid;
}
a{
  text-decoration: none;
}
p.footer{
  text-align: center;
  margin: 5px 0 0 0;
}
.heading-1{
  text-align: center;
  color: orange;
  font-variant: small-caps;
  font-size: 20pt;
}
.heading-1-1{
  color: orange;
  font-size: 14pt;
  border-bottom: 2px #ccc solid;
}
pre{
  background: #eee;
  border: 2px #ccc solid;
  padding: 5px;
  border-left: 10px #ccc solid;
}
ul.star li{
  list-style-type: square;
}
/*]]>*/
</style>
</head>

<body>
<div class="main-content">
<h2 class="heading-1"><span id="HDrupal">Drupal</span></h2>

<p class="paragraph"></p>

<ul>
<li><a href="#HPresentation">Presentation</a></li>

<li>
<a href="#HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</a>

<ul>
<li><a href="#HOnDrupalside">On Drupal side</a></li>

<li><a href="#HOnLemonLDAP3A3ANGside">On LemonLDAP::NG side</a></li>
</ul>
</li>

<li><a href="#HProtectonlytheadministrationpages">Protect only the
administration pages</a></li>
</ul>

<h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3>

<p class="paragraph"></p>Drupal is a CMS written in PHP. It can work with
external modules that extend its functionality. One of these modules can be
used to delegate authentication to the web server: <span class=
"wikiexternallink"><a href=
"http://drupal.org/project/Webserver_auth">Webserver_auth</a></span>.

<h3 class="heading-1-1"><span id=
"HIntegrationwithLemonLDAP3A3ANG">Integration with
LemonLDAP::NG</span></h3>

<h4 class="heading-1-1-1"><span id="HOnDrupalside">On Drupal
side</span></h4>

<p class="paragraph"></p>Install the <span class="wikiexternallink"><a href=
"http://drupal.org/project/Webserver_auth">Webserver_auth</a></span>
module by downloading it and unpacking it in the Drupal modules/
directory.

<p class="paragraph"></p>Then go to the administration interface and enable
the module.

<h4 class="heading-1-1-1"><span id="HOnLemonLDAP3A3ANGside">On
LemonLDAP::NG side</span></h4>

<p class="paragraph"></p>Declare a VirtualHost in Apache for Drupal and
activate SSO, for example:

<p class="paragraph"></p>

<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName drupal.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> LogLevel warn
ErrorLog /<span class="java-keyword">var</span>/log/httpd/drupal-error.log
CustomLog /<span class="java-keyword">var</span>/log/httpd/drupal-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>

<p class="paragraph"></p>Then add this host in LemonLDAP::NG
Manager.<br />
<br />
If you are using LemonLDAP::NG as a proxy, you can use this in your Drupal
Apache configuration:<br />
<br />

<div class="code">
<pre>
SetEnvIfNoCase Auth-User <span class="java-quote">"(.*)"</span> REMOTE_USER=$1
</pre>
</div><br />
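The Auth-User header can be trusted only if Drupal is reachable solely through the LemonLDAP::NG proxy. The fragment below is an added example, not part of the LemonLDAP::NG documentation; it assumes Apache 2.4 authorization syntax and uses 192.0.2.10 as a placeholder for the proxy address.

```apache
# Added example: Drupal back end behind the LemonLDAP::NG proxy.
# 192.0.2.10 is a placeholder for the proxy address (assumption).
<VirtualHost *>
    ServerName drupal.example.com
    DocumentRoot /var/www/html/drupal/
    DirectoryIndex index.php

    # Accept requests from the SSO proxy only, so that Auth-User can
    # only have been set by LemonLDAP::NG and never by a direct client.
    <Location />
        Require ip 192.0.2.10
    </Location>

    # Form shown on the page; "(.*)" also matches an empty value.
    # SetEnvIfNoCase Auth-User "(.*)" REMOTE_USER=$1

    # Stricter form: set REMOTE_USER only for a non-empty header.
    SetEnvIfNoCase Auth-User "(.+)" REMOTE_USER=$1

    LogLevel warn
    ErrorLog /var/log/httpd/drupal-error.log
    # Log the header value to audit which identity each request carried.
    LogFormat "%h %l %{Auth-User}i %t \"%r\" %>s %b" sso
    CustomLog /var/log/httpd/drupal-access.log sso
</VirtualHost>
```

On Apache 2.2 the equivalent access rule is Order deny,allow with Deny from all and Allow from 192.0.2.10.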
<br />
You can also catch the logout page with this rule:<br />
<br />

<div class="code">
<pre>
q=logout =&gt; logout_app_sso
</pre>
</div>

<h3 class="heading-1-1"><span id=
"HProtectonlytheadministrationpages">Protect only the administration
pages</span></h3><br />
<br />
With the above solution, the whole Drupal site is protected, so no
anonymous access is allowed.<br />
<br />
Drupal navigation is based on query strings (?q=admin, ?q=user,
etc.).<br />
<br />
You can create a special vhost and use mod_rewrite to switch between open
and protected hosts:<br />
<br />

<div class="code">
<pre>
&lt;VirtualHost *&gt;
ServerName drupal.example.com<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> # Redirect admin pages
RewriteEngine On
RewriteCond %{QUERY_STRING} q=(admin|user)
RewriteRule ^/(.*)$ <span class="nobr"><a href=
"http://admindrupal.example.com/$1">http://admindrupal.example.com/$1</a></span> [R]<br /><br /> LogLevel warn
ErrorLog /<span class="java-keyword">var</span>/log/httpd/drupal-error.log
CustomLog /<span class="java-keyword">var</span>/log/httpd/drupal-access.log combined
&lt;/VirtualHost&gt;
&lt;VirtualHost *&gt;
ServerName admindrupal.example.com<br /><br /> # SSO protection
PerlHeaderParserHandler My::Package<br /><br /> # DocumentRoot
DocumentRoot /<span class="java-keyword">var</span>/www/html/drupal/
DirectoryIndex index.php<br /><br /> LogLevel warn
ErrorLog /<span class="java-keyword">var</span>/log/httpd/admindrupal-error.log
CustomLog /<span class="java-keyword">var</span>/log/httpd/admindrupal-access.log combined
&lt;/VirtualHost&gt;
</pre>
</div>
</div>

<p class="footer"><a href="index.html">Index</a></p>
</body>
</html>