Contents

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# By default the LDAPCacheTTL directive is set to 600 seconds.  If you want to
# effectively disable LDAP caching in mod_ldap, set the directive to 0. There
# is a performance trade-off, but disabling the cache will make things like
# password changes effective immediately.
# http://httpd.apache.org/docs/2.4/mod/mod_ldap.html
# LDAPCacheTTL 0

<Location /broker>
    AuthName "OpenShift"
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com:389/ou=People,dc=my-domain,dc=com?uid?sub?(objectClass=*)"
    require valid-user

    # The node->broker auth is handled in the Ruby code
    BrowserMatchNoCase ^OpenShift passthrough
    Allow from env=passthrough

    # Console traffic will hit the local port.  mod_proxy will set this header automatically.
    SetEnvIf X-Forwarded-For "^$" local_traffic=1
    # Turn the Console output header into the Apache environment variable for the broker remote-user plugin
    SetEnvIf X-Remote-User "(..*)" REMOTE_USER=$1
    Allow from env=local_traffic

    Order Deny,Allow
    Deny from all
    Satisfy any
</Location>

# The following APIs do not require auth:
<Location /broker/rest/application_templates*>
    Allow from all
</Location>

<Location /broker/rest/cartridges*>
    Allow from all
</Location>

<Location /broker/rest/api*>
    Allow from all
</Location>

Version data entries

3 entries across 3 versions & 1 rubygems

Version	Path
openshift-origin-auth-remote-user-1.3.2	conf/openshift-origin-auth-remote-user-ldap.conf.sample
openshift-origin-auth-remote-user-1.3.1	conf/openshift-origin-auth-remote-user-ldap.conf.sample
openshift-origin-auth-remote-user-1.2.3	conf/openshift-origin-auth-remote-user-ldap.conf.sample