From de457460c8ab9fb1ab0c727665159344cca071a6 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 4 Sep 2012 13:04:03 +0200
Subject: [PATCH] Supporte l'authentification basic (mod_authnz_ldap) pour les
 domaines

---
 .../conf/httpd.conf/WebAppVirtualHost/50Content    | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
index fdeef80..347eea0 100644
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/50Content
@@ -1,5 +1,9 @@
 {
 
+use esmith::util;
+my $base = esmith::util::ldapBase($DomainName);
+
+my $name = $domain->key;
 my $target = $domain->prop('ProxyPassTarget') || '';
 my $redirect = $domain->prop('Redirect') || '';
 my $rewrite = $domain->prop('Rewrite') || '';
@@ -7,6 +11,8 @@ my $allow = $domain->prop('AllowHosts') || '';
 my $preserve = $domain->prop('ProxyPreserveHost') || 'no';
 my $keepalive = $domain->prop('ProxyNoKeepAlive') || 'no';
 my @env = split(/[;,]/, ($domain->prop('SetEnv') || ''));
+my $auth = $domain->prop('Authentication') || 'none';
+my @groups = split(/[;,]/, ($domain->prop('AllowGroups') || ''));
 
 # ProxyPass ?
 if ($target =~ m|https?://[\d\w\.\-/]*|){
@@ -61,5 +67,27 @@ if ($allow ne ''){
 EOF
 }
 
+if ($auth =~ m/^Basic$/i){
+    my $require = "Require valid-user";
+    if (scalar(@groups) > 0){
+        $require = "Require ldap-group ";
+        $require .= "cn=$_,ou=Groups,$base " foreach(@groups);
+    }
+    $OUT .=<<"EOF";
+
+    <Location />
+        AuthType basic
+        AuthName "$name"
+        AuthBasicProvider ldap
+        AuthLDAPURL ldap://localhost/ou=Users,$base?uid
+        AuthLDAPGroupAttribute memberUid
+        AuthLDAPGroupAttributeIsDN off
+        $require
+    </location>
+
+EOF
+
+}
+
 }