Hi Cleber,
On 22.06.2012 [17:39:54 -0300], Cleber Rosa wrote:
> On 06/21/2012 10:52 PM, Nishanth Aravamudan wrote:
> >So my autotest installation is authenticated via LDAP with a stanza in
> >the appropriate httpd.conf files. The autotest-rpc-client, though,
> >assumes (I think?) that it doesn't need auth to get to the RPC server
> >... and perhaps it shouldn't. But I couldn't figure out a way to allow
> >RPC access to everyone while keeping LDAP authentication to the UI.
> >
> >On a similar vein, I'd like the admin interface to be restricted to a
> >few users, but I can't find a clean way of doing that either.
>
> Can you provide your configuration (with sensitive info masked out)
> ? I'd like to understand if you're just protecting users access to
> the web ui client files or if you're also protecting the rpc server.
Thanks for taking a look:
/usr/local/autotest/apache/conf/afe-directives
<Location "/afe">
DirectoryIndex AfeClient.html
AuthType basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthBasicAuthoritative off
AuthLDAPURL ldap://<correct URL>
Require valid-user
AuthUserFile /dev/null
</Location>
With this, authentication does succeed, but there are a few issues:
1) I think this does cause RPC calls to be protected ... which perhaps
they should be in my environment so I can always tell *who* submitted
what job, etc. How does that work without such authentication?
2) The admin interface is under /afe and I would like to essentially
restrict access to that area to some specific LDAP users (basically
myself :) -- but I couldn't figure out a way to configure Apache for
that.
Thanks,
Nish
--
Nishanth Aravamudan <n...@us.ibm.com>
IBM Linux Technology Center
_______________________________________________
Autotest mailing list
Autotest@test.kernel.org
http://test.kernel.org/cgi-bin/mailman/listinfo/autotest
