
LemonLDAP


Daniel B.:
You can get more information on LL::NG access rules here: http://lemonldap-ng.org/documentation/latest/writingrulesand_headers.

Expression is the URL you want to protect. If you want to protect the whole virtualhost, just use ^/ as the expression. Here are some examples:

Allow access to all SME users
Expression: ^/
Rule: $groups =~ /\bshared\b/

Allow only access to SME group 'office'
Expression: ^/
Rule: $groups =~ /\boffice\b/

Allow only access to SME groups 'office' and 'sales'
Expression: ^/
Rule: $groups =~ /\b(?:office|sales)\b/

Disallow access to only SME group 'office'
Expression: ^/
Rule: $groups !~ /\boffice\b/

Allow access to only SME user 'jdoe'
Expression: ^/
Rule: $uid eq 'jdoe'



You can use more variables. Anything available in LDAP can be exported as an LL::NG variable, and you can then use it in rule expressions. There are also some variables already configured, like $ipAddr, $authenticationLevel, etc.


Regards, Daniel
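
How group rules of this form evaluate against a few $groups values, as an added example that is not part of the original post. It assumes $groups is a single string of group names joined by "; "; the session values and the in_group helper are constructed for illustration and are not LL::NG functions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: $groups is one string of group names joined by "; ".
# All session values below are constructed for this example.
my @sessions = (
    [ jdoe   => 'shared; office' ],
    [ asmith => 'shared; sales' ],
    [ bwhite => 'shared; presales' ],       # ends in "sales"
    [ cgreen => 'shared; officers' ],       # starts with "office"
    [ dblack => 'shared; office-admins' ],  # "-" counts as a word boundary
    [ eblue  => 'shared' ],
);

# Each rule is a Perl expression over $groups, wrapped in a sub.
my @rules = (
    [ 'ungrouped /\boffice|sales\b/'   => sub { $_[0] =~ /\boffice|sales\b/ } ],
    [ 'grouped /\b(?:office|sales)\b/' => sub { $_[0] =~ /\b(?:office|sales)\b/ } ],
    [ 'exact group name'               => sub { in_group($_[0], qw(office sales)) } ],
);

# Exact comparison against each group name (plain Perl, for comparison only).
sub in_group {
    my ($groups, @wanted) = @_;
    my %have = map { $_ => 1 } split /\s*;\s*/, $groups;
    return scalar grep { $have{$_} } @wanted;
}

# Print one ALLOW/deny table per rule.
for my $rule (@rules) {
    my ($label, $check) = @$rule;
    print "$label\n";
    for my $s (@sessions) {
        my ($uid, $groups) = @$s;
        printf "  %-7s %-22s %s\n", $uid, $groups,
            $check->($groups) ? 'ALLOW' : 'deny';
    }
}
```

Without the grouping, the alternation splits the pattern into `\boffice` or `sales\b`, so group names that merely start with "office" or end with "sales" are allowed as well.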

guest22:
Perfect! Many thanks!

guest22:
Daniel, would you happen to know if you can add new 'fields' to the default SME OpenLDAP server?

Daniel B.:
It's possible, I've done that in some event scripts, but it's not that easy:

- if the attribute is already defined in one of the existing schemas, it can be added quite easily (using cpu or Net::LDAP)
- if you want a custom attribute, you need to define your own LDAP schema, load it in slapd, and then you'll be able to add them.

guest22:
Daniel,

I have some trouble getting things working correctly. For starters, I have followed the exact example you gave on the wiki. The example is an index.html in /opt/myapp (changed /opt/kplaylist into /opt/myapp in the custom template). Saved the custom template and expanded httpd.conf.

Executed the db domains command as per the wiki.

Declared the app in LemonLDAP with rules as per above, and myapp shows up in the user menu. When clicking myapp the html document is shown, but when I log off from LemonLDAP, the html file is still accessible.

On the other hand, I installed owncloud in /opt/owncloud and followed the exact same procedure, but I get an access not allowed (err 403) from LemonLDAP.

Sorry to bother you with this, but I'm really confused, and have given it many, many tries. Somewhere along the line I seem to miss something. So far, from the triple A of LemonLDAP, I only seem to get past the first A.

Can you assist please?

TIA
guest
 
