lemonldap-ng/po-doc/fr/pages/documentation/current/authapache.html
2017-08-30 16:47:26 +00:00


<!DOCTYPE html>
<html lang="fr" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta charset="utf-8" />
<title>documentation:2.0:authapache</title><!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else --><!-- //endif -->
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,authapache"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="authapache.html"/>
<link rel="contents" href="authapache.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:authapache","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script><!-- //endif --><!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script><!-- //endif -->
</head>
<body>
<div class="dokuwiki export container"><!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#llng">LL::NG</a></div></li>
<li class="level2"><div class="li"><a href="#apache1">Apache</a></div></li>
</ul>
</li>
<li class="level1"><div class="li"><a href="#tips">Tips</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#kerberos">Kerberos</a></div></li>
<li class="level2"><div class="li"><a href="#compatibility_with_identity_provider_modules">Compatibility with identity provider modules</a></div></li>
</ul></li>
</ul>
</div>
</div><!-- TOC END -->
<h1 class="sectionedit1" id="apache">Apache</h1>
<div class="level1">
<div class="table sectionedit2"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 centeralign"> Authentication </th><th class="col1 centeralign"> Users </th><th class="col2 centeralign"> Password </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"></td><td class="col1"> </td><td class="col2"> </td>
</tr>
</table></div><!-- EDIT2 TABLE [22-79] -->
</div><!-- EDIT1 SECTION "Apache" [1-80] -->
<h2 class="sectionedit3" id="presentation">Presentation</h2>
<div class="level2">
<p>
<abbr title="LemonLDAP::NG">LL::NG</abbr> can delegate authentication to Apache, which makes it possible to use any of the <a href="http://httpd.apache.org/docs/current/howto/auth.html" class="urlextern" title="http://httpd.apache.org/docs/current/howto/auth.html" rel="nofollow">Apache authentication modules</a>, for example Kerberos, Radius, OTP, etc.
</p>
<div class="noteimportant">To authenticate users with Kerberos, you can now use the new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos authentication module</a>, which allows Kerberos to be chained in a <a href="authcombination.html" class="wikilink1" title="documentation:2.0:authcombination">combination</a>.
</div><div class="notetip">Apache authentication modules set the <code>REMOTE_USER</code> environment variable, which <abbr title="LemonLDAP::NG">LL::NG</abbr> uses to obtain the name of the authenticated user.
</div>
</div><!-- EDIT3 SECTION "Presentation" [81-664] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div><!-- EDIT4 SECTION "Configuration" [665-691] -->
<h3 class="sectionedit5" id="llng">LL::NG</h3>
<div class="level3">
<p>
In <code>General Parameters</code> &gt; <code>Authentication modules</code>, choose Apache for authentication.
</p>
<p>
You can choose to fall back to another authentication backend when Apache authentication fails. In that case, use the <a href="authmulti.html" class="wikilink1" title="documentation:2.0:authmulti">Multiple authentication module</a>, for example:
</p>
<pre class="code">Apache;LDAP</pre>
<div class="notetip">In this case, the Apache authentication module must not require a valid user and must not be authoritative; otherwise the Apache server returns an error without handing over to the <abbr title="LemonLDAP::NG">LL::NG</abbr> portal.
</div>
</div><!-- EDIT5 SECTION "LL::NG" [692-1230] -->
<h3 class="sectionedit6" id="apache1">Apache</h3>
<div class="level3">
<p>
The Apache configuration depends on the module chosen; refer to that module's documentation. Examples:
</p>
<ul>
<li class="level1"><div class="li"> <a href="http://modauthkerb.sourceforge.net/" class="urlextern" title="http://modauthkerb.sourceforge.net/" rel="nofollow">Kerberos</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm" class="urlextern" title="http://search.cpan.org/~speeves/Apache2-AuthenNTLM-0.02/AuthenNTLM.pm" rel="nofollow">NTLM</a></div>
</li>
<li class="level1"><div class="li"> <a href="http://freeradius.org/mod_auth_radius/" class="urlextern" title="http://freeradius.org/mod_auth_radius/" rel="nofollow">Radius</a></div>
</li>
</ul>
</div><!-- EDIT6 SECTION "Apache" [1231-1565] -->
<h2 class="sectionedit7" id="tips">Tips</h2>
<div class="level2">
</div><!-- EDIT7 SECTION "Tips" [1566-1583] -->
<h3 class="sectionedit8" id="kerberos">Kerberos</h3>
<div class="level3">
<p>
Kerberos configuration is fairly complex. Some configuration elements can be found <a href="kerberos.html" class="wikilink1" title="documentation:2.0:kerberos">on this page</a>.
</p>
<div class="notetip">Prefer the new <a href="authkerberos.html" class="wikilink1" title="documentation:2.0:authkerberos">Kerberos</a> module.
</div>
</div><!-- EDIT8 SECTION "Kerberos" [1584-1776] -->
<h3 class="sectionedit9" id="compatibility_with_identity_provider_modules">Compatibility with identity provider modules</h3>
<div class="level3">
<p>
When IDP modules (such as <abbr title="Central Authentication Service">CAS</abbr> or <abbr title="Security Assertion Markup Language">SAML</abbr>) are used, enabling Apache authentication can interfere with their operation. The client often has to query the IDP directly, and Apache authentication will block that request.
</p>
<p>
In this case, add the following to the Apache module configuration:
</p>
<pre class="code file apache"> <span class="kw1">Satisfy</span> any
<span class="kw1">Order</span> <span class="kw1">allow</span>,<span class="kw1">deny</span>
<span class="kw1">allow</span> from APPLICATIONS_IP</pre>
<p>
This skips authentication for requests coming from the addresses listed in APPLICATIONS_<abbr title="Internet Protocol">IP</abbr>.
</p>
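<p>
The same exemption as an added example (not part of the LL::NG documentation): the Apache 2.2 directives above next to their Apache 2.4 form, where several <code>Require</code> lines in one section are satisfied by any one of them. <code>AuthType Basic</code> stands in for whichever authentication module is used, and the address 192.0.2.10 and the password file path are placeholders.
</p>

```apache
# Directives for the Location or Directory section that covers the portal.
# AuthType Basic is a stand-in for the real module (Kerberos, NTLM, Radius...).
AuthType Basic
AuthName "LL::NG portal"
AuthBasicProvider file
AuthUserFile /etc/apache2/llng.htpasswd

# --- Apache 2.2 (or 2.4 with mod_access_compat), as on this page ---
# Require valid-user
# Satisfy any
# Order allow,deny
# Allow from 192.0.2.10

# --- Apache 2.4 (mod_authz_core / mod_authz_host) ---
# Multiple Require lines outside RequireAll behave as RequireAny:
# the listed application address passes without credentials,
# every other client must authenticate.
Require ip 192.0.2.10
Require valid-user
```

<p>
The match is made on the client address as Apache sees it. Behind a reverse proxy that is the proxy's address unless a module such as mod_remoteip is configured, and then only the known proxy should be trusted to supply the forwarded address.
</p>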
</div><!-- EDIT9 SECTION "Compatibility with Identity Provider modules" [1777-] -->
</div>
</body>
</html>