SVN Authentication using MySQL

I'm trying to set up per-repository SVN authentication via MySQL but I'm having a few problems.
Firstly, what is the difference between mod_authn_dbd and mod_auth_mysql?
Secondly, I already have a MySQL database set up with a table for users, groups and permissions. Is it possible, using either of these mods, to link into my current permission system, whereby a username, password and permission are required to access the repository (preferably with a read permission and a write permission per repository)?
tbl_users: user_id, user_name, user_hash
tbl_group: group_id, group_name
tbl_permission: permission_id, permission_name
tbl_user_group: user_id, group_id
tbl_group_permission: group_id, permission_id
tbl_user_permission: user_id, permission_id

Firstly, the difference.
mod_authn_dbd provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables.
mod_auth_mysql is an Apache module that allows authentication using user and group data stored in MySQL databases. The project seems to not have updated since 2005, so I'd go for mod_authn_dbd.
To set this up properly, first you need to configure mod_authn_dbd and mod_dbd properly in your Apache configuration; mod_dbd takes care of your database connection. Once you've done this (make sure your Apache is running with those modules active), you can go ahead and configure them.
Add something like this to your apache configuration to configure the database connection:
<IfModule mod_dbd.c>
DBDriver mysql
DBDParams "host=(your_db_server, p.e. 127.0.0.1) dbname=your_db_name user=your_db_user pass=your_db_pass"
DBDMin 1
DBDKeep 8
DBDMax 20
DBDExptime 200
</IfModule>
Now add your desired authentication configuration into the apache configuration:
<Directory "/your/svn/repository/path/">
Options FollowSymLinks Indexes MultiViews
AuthType Basic
AuthName "Allowed users Only"
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT user_hash FROM tbl_users, tbl_user_group WHERE tbl_users.user_name=%s AND tbl_users.user_id=tbl_user_group.user_id"
Require valid-user
AllowOverride None
Order allow,deny
Allow from all
</Directory>
I've simplified the SELECT statement for better readability; you have to expand this to get your configuration refined.
EDIT:
After typing I've found a very good example on the web, maybe read it here, too. It goes a lot deeper than my simplified answer.

Related

Load-Balancing in Apache2.4 using mod_jk

Recently we developed an application with Java, HTML5, jQuery, JBoss 7.1.1 and Apache 2.4.
My configuration between Apache 2.4 and JBoss is:
mod_jk.so, mod-jk.conf and workers.properties
------------------- configurations----------------------------------------------
mod-jk.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
#JkMount /TestForApache2/ loadbalancer
JkMount /Application/* loadbalancer
workers.properties
worker.list=loadbalancer
worker.jboss.host=192.168.1.105
worker.jboss.port=8009
worker.jboss.type=ajp13
worker.jboss.cachesize=100
worker.jboss.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=jboss
httpd-vhosts.conf
DocumentRoot "c:/Apache24/htdocs/html5"
ServerName localhost
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
Options Indexes FollowSymLinks Includes ExecCGI
JkMount /Application/* loadbalancer
The issue we are facing is:
When multiple users access my application from application.mysite.com, it hangs on the login page; with a single user it works fine.
I am new to Apache 2.4. I have tried multiple changes, e.g. I followed an article.
When I restart Apache 2.4 from Services, it works fine.
We are using session IDs in JBoss,
i.e. when a user logs in, a session is created and sent to the user's browser, like: application.mysite.com/main/header.html?sessionId=oMzxRpLUkF8FX0r7NkMlWqOV.jboss
Please can anyone help me with the configuration changes?
Thanks in advance, and please save my days.

Request Entity Too Large

I get this message,
Request Entity Too Large
The requested resource
/index.php
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
I set
php_value post_max_size 50M
php_value upload_max_filesize 50M
in .htaccess but it did not help.
How to overcome this?
Thanks
After you have raised PHP's memory_limit, post_max_size and upload_max_filesize, I would like to recommend some articles related to the topic; maybe one of them solves the problem.
I found this post on Server Fault:
https://serverfault.com/questions/79741/php-apache-post-limit/79745#79745
sybreon suggests to double-check the Content-Length, and - citing - "ensure that you are directly connecting to Apache and not through either a proxy or a reverse-proxy. Some reverse-proxies place a cap on the maximum size of a request as a sort of security measure. So, you may want to check that as well as your Apache logs to ensure that nothing else is going on."
sybreon also posted this link: Apache 413 error problems.
The following is only applicable if you have mod_ssl module turned on in Apache. (Otherwise this setting can cause a server crash.)
Citing the article:
"I was using Apache SSL client certificates, which have a limit of 128K, and if re-negotiation has to happen, a larger POST will fail.
This Bugzilla posting had the clues - You have to set the following as DEFAULTS for your SSL server, not just the directory.
SSLVerifyClient require
Otherwise it forces a renegotiation of some sort, and fails with a 413 error."
The previous article also mentioned the LimitRequestBody directive.
A guy says here that the appropriate setting of this directive solved his problem.
I hope one of these settings solves this problem!
The only thing that would work for me was to tune up the SSL Buffer Size. You can set this by...
<Directory /my/blah/blah>
...
# Set this to something big...
SSLRenegBufferSize 10486000
...
</Directory>
...and then just restart Apache for the change to take effect. (Found this at: http://forum.joomla.org/viewtopic.php?p=2085574)
You can also use "Location /" to simply apply the setting to a whole VirtualHost:
<VirtualHost *:443>
# ...
<Location />
SSLRenegBufferSize 101048600
</Location>
# ...
</VirtualHost>
My server is Apache. It was the mod_security module that was preventing the POST of large data (approximately 171 KB).
I made the following changes in mod_security.conf:
SecRequestBodyNoFilesLimit 10486000
SecRequestBodyInMemoryLimit 10486000
If max_post_upload and max_file_upload in PHP have been set,
and there is a setting in Apache2.conf or ModSec config files of LimitRequestBody set high enough,
then possibly a .htaccess file will work.
1. Go to the directory with the upload PHP file in it (the file or page throwing the error).
2. Make or edit .htaccess.
3. Edit or create a line with
LimitRequestBody 20971520
in it.
4. Save the .htaccess. Set permissions (644 and apache owner).
5. Possibly restart apache.
Tada. Hopefully fixed.
This setting sets that limit for this folder only - which is one way to avoid a global setting in php and apache which makes you open to large packet / load DOS attacks.
LimitRequestBody 0 gives you unlimited uploads.
I was struggling with this 413 - Request entity too large problem for the last day or so, as I was trying to upload fairly large (in MBs) images to the server.
My setup is apache (227) proxying requests to jboss eap (6.4.20) server for accessing rest endpoints.
2 things worked for me.
1. Make SSLVerifyClient required at the virtual host level. This means all the resources need a valid client cert presented to be served. This was not an option for me as all the resources except /api should NOT be mutual auth protected. So, while it worked, this was not an option for me.
2. I removed the global level SSLVerifyClient required and kept it 'optional'. I re-enabled the required option only on <Location /api>...</Location>. The trick was to have the SSL renegotiation happen only after a certain threshold is reached - which would be our desired upload file size.
So, finally it turned out that I had to enable 'SSLRenegBufferSize' setting on a specific LocationMatch as follows:
<LocationMatch ^/api/v1/path/(.*)/to/(.*)/resource/endpoint$>
# allow up to 5MB for files to come through
SSLRenegBufferSize 5242880
</LocationMatch>
(.*) in the case above represents my path params in the endpoint. Hope this helps.
After raising of PHP's memory_limit, post_max_size and upload_max_filesize in php.ini, I still had the problem.
What was also needed was the following in apache2.conf:
LimitRequestBody 1000000000
That's for a max size of 1GB.
The docs say that 0 is the default, which means unlimited. However, until I set the directive, I couldn't upload large files.
Don't forget to restart apache2.
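The limits named in the answers above, put together and scoped to a single upload path so that the rest of the site keeps a small cap (the concern raised about large-request DoS). This is an added example, not configuration from any of the posters; the host name, the /upload path and the 1 MiB default are assumptions.

```apache
# Added example with constructed host name, path and sizes.
# 20971520 bytes (20 MiB) is the figure used in the .htaccess answer.
<VirtualHost *:443>
    ServerName upload.example.test
    # ... existing SSLEngine / certificate directives go here ...

    # Default for the whole site: small request bodies only (1 MiB).
    LimitRequestBody 1048576

    <Location "/upload">
        # Raise the cap only where files are actually accepted.
        LimitRequestBody 20971520

        # Needed only if this location forces a TLS renegotiation, for
        # example a per-location SSLVerifyClient. mod_ssl buffers the
        # request body in memory, so keep this no larger than the body cap.
        SSLRenegBufferSize 20971520

        # mod_php only (these lines fail at startup without it). PHP must
        # accept at least as much as Apache lets through.
        php_value upload_max_filesize 20M
        php_value post_max_size 21M

        # ModSecurity 2.x only: it enforces its own body limits.
        # Bodies that are not file uploads stay capped at 1 MiB.
        <IfModule security2_module>
            SecRequestBodyLimit 20971520
            SecRequestBodyNoFilesLimit 1048576
        </IfModule>
    </Location>
</VirtualHost>
```

A 413 is returned by whichever layer has the lowest limit, so after a change check the Apache error log and the ModSecurity audit log to see which layer rejected the request.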

Authenticate/Authorize user based on group with apache and mysql

I am trying to get authorization to work on my apache installation. I want to authorize depending on what group the user belongs to.
I am using
Apache 2.2.15
Centos 6.2 (Running as guest in VB)
My setup is working if I only want to authenticate/authorize based on the user.
Here is the significant part (I think...) of my httpd.conf:
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider dbd
Require dbd-group 1
Require valid-user
AuthzDBDQuery "SELECT group_id FROM groupsusers JOIN user ON groupsusers.user_id = user.id WHERE groupsusers.group_id = 1 AND user.users = %s"
AuthDBDUserPWQuery "SELECT password FROM user WHERE users = %s"
</Directory>
AuthzDBDQuery doesn't work since, as I understand it, it is not part of any stable version yet. This is the error message I get while starting httpd:
Invalid command 'AuthzDBDQuery', perhaps misspelled or defined by a module not included in the server configuration httpd not running, trying to start
My question is, how can I use groups for authorization when using mysql for storing the groups? I guess it must be possible without re-compiling apache?
Since everything around this is pretty poorly documented it would be great to get some detailed instructions. Of course, anything that can help me in the right direction is appreciated.
Thanks!
I think it is not possible at this stage. I think support for this will come in the next stable version of httpd.
The problem was solved after I enabled authz_dbd mod in apache 2.4.
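A sketch of database-backed authorization with mod_authz_dbd on Apache 2.4, applied to the SVN question at the top of the page (per-repository read and write permissions) as well as to the group question above. This is an added example, not configuration from any of the posters; the /svn/repo1 location, the /srv/svn/repo1 path and the permission names repo1_read and repo1_write are assumptions, and it expects the DBDriver/DBDParams block to be configured at server level.

```apache
# Added example. Requires mod_dbd, mod_authn_dbd, mod_authz_dbd and
# mod_dav_svn. Hypothetical names: /svn/repo1, /srv/svn/repo1,
# and the permission_name values repo1_read / repo1_write.
# Basic auth sends the password on every request: serve this over HTTPS only.
<Location "/svn/repo1">
    DAV svn
    SVNPath "/srv/svn/repo1"

    AuthType Basic
    AuthName "repo1"
    AuthBasicProvider dbd

    # Authentication: user_hash must be in a format Apache can verify
    # (bcrypt, apr1-MD5, {SHA} or crypt, as written by htpasswd).
    AuthDBDUserPWQuery "SELECT user_hash FROM tbl_users WHERE user_name = %s"

    # Authorization: every permission held directly or through a group is
    # returned as a "group" name. The query has a single %s, which is bound
    # to the authenticated user name.
    AuthzDBDQuery "SELECT p.permission_name \
        FROM tbl_users u \
        JOIN (SELECT user_id, permission_id FROM tbl_user_permission \
              UNION \
              SELECT ug.user_id, gp.permission_id \
                FROM tbl_user_group ug \
                JOIN tbl_group_permission gp ON gp.group_id = ug.group_id) x \
          ON x.user_id = u.user_id \
        JOIN tbl_permission p ON p.permission_id = x.permission_id \
        WHERE u.user_name = %s"

    # Read-only methods: either permission is enough (several Require
    # lines in one block are evaluated as RequireAny).
    <Limit GET PROPFIND OPTIONS REPORT>
        Require dbd-group repo1_read
        Require dbd-group repo1_write
    </Limit>

    # Everything else (commits, locks, property changes) needs write.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require dbd-group repo1_write
    </LimitExcept>
</Location>
```

On Apache 2.2, where AuthzDBDQuery is rejected as an invalid command, this block will not load; the Require dbd-group lines depend on mod_authz_dbd being enabled.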

Magento multi website/store setup - please help!

I followed an article from Magento Support on how to set up a Magento installation with multiple websites, stores, and store views, but it screwed my installation and I couldn't access anything. Thanks to a couple of replies to my post, I was able to get back to some semblance of a working system.
I would really appreciate if someone could spot what stupid thing I must have done in my setup.
My requirements for this test setup are:
- One single admin area.
- Two websites.
- First website with 1 store (with 3 store views).
- Second website with 2 stores (each with one store view).
- I'd prefer to access the frontend using URLs like: http://www.firstwebsite.com rather than http://www.firstwebsite.com/magento/index.php
Machine is running Windows XP.
In the stores configuration I have this setup:
Websites:
Name=Main Website
code=base
Name=Paul Website
code=pws1
Stores:
Name=Main Store
Website=Main Website
Name=Electronics
Website=Paul Website
Name=Media
Website=Paul Website
Store Views:
Name=English
Store=Electronics
code=en1
Name=English
Store=Media
code=en2
Name=English
Store=Main Store
code=default
Name=French
Store=Main Store
code=french
Name=German
Store=Main Store
code=german
System/Configuration/General/Web (accessed by URL http://test.pdapache.com/magento/index.php):
Scope=Default Config
Add Store Code to Urls = No
Auto-redirect to Base URL = No
Secure and Unsecure URLs just set to {{base_url}} at this scope
Scope=Main Website
Unsecure Base URL=http://test.pdapache.com/magento/
Secure Base URL=https://test.pdapache.com/magento/
All other secure/unsecure not using default. Also Default Web URL=cms (use Default = No). CMS Home Page=Home Page (use default = no)
Scope=Paul Website
Unsecure Base URL=http://paulsplace.com/magento/
Secure Base URL=https://paulsplace.com/magento/
All other secure/unsecure not using default. Also Default Web URL=cms (use Default = No). CMS Home Page=Home Page (use default = no)
hosts file:
127.0.0.1 test.pdapache.com
127.0.0.1 www.paulsplace.com
127.0.0.1 paulsplace.com
httpd.conf:
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf file:
<VirtualHost *:80>
ServerAdmin me#myemail.com
DocumentRoot "C:/Applications/Apache Software Foundation/Apache2.2/htdocs"
ServerName paulsplace.com
ErrorLog "logs/paulsplace.com-error.log"
CustomLog "logs/paulsplace.com-access.log" common
SetEnv MAGE_RUN_TYPE website
SetEnv MAGE_RUN_CODE pws1
</VirtualHost>
<VirtualHost *:80>
ServerAdmin me#myemail.com
DocumentRoot "C:/Applications/Apache Software Foundation/Apache2.2/htdocs"
ServerName pdapache.com
ErrorLog "logs/pdapache.com-error.log"
CustomLog "logs/pdapache.com-access.log" common
SetEnv MAGE_RUN_TYPE website
SetEnv MAGE_RUN_CODE base
</VirtualHost>
When I go to either of these addresses:
http://test.pdapache.com/magento/index.php
http://www.paulsplace.com/magento/index.php
I get a Magento logo-ed page that just says "There was no Home CMS page configured or found"
The URLs I'd rather be using, i.e.
http://test.pdapache.com
http://www.paulsplace.com
just display the Apache index.html "It works!" page.
Help! I guess I've made some stupid mistake somewhere, maybe more than one, but I don't know where.
Set your DocumentRoot to be C:/Applications/Apache Software Foundation/Apache2.2/htdocs/magento and remove the /magento from the base urls to get Magento showing at the root level.

OpenLDAP configuration in Yast2 - groupOfUniqueNames/uniqueMember

In /etc/openldap/slapd.conf I have this ACL and it works:
access to dn.subtree="ou=users,dc=domain"
by group/groupofuniquenames/uniquemember="cn=partner,ou=groups,dc=domain" write
by users read
When I want to configure it in the OpenSuSE 11.1 Yast2 LDAP server configuration, it generates the file /etc/openldap/slap.d/cn=config/olcDatabase={1}bdb.ldif with this ACL:
olcAccess: {3}to dn.subtree="ou=users,dc=domain" by group="cn=partner,ou=groups,dc=domain" manage
How can I set it from "by group" to "by group/groupofuniquenames/uniquemember" like in slapd.conf?
thanks,
Al
Got it! I have changed the by group clause to by group/groupofuniquenames/uniquemember in that file olcDatabase={1}bdb.ldif.
The server must be started from yast2 (service ldap restart does not work even without this change - it's strange!)
Yast2 configuration is then disabled because the yast ldap module doesn't know the group/groupofuniquenames/uniquemember access control rule. But LDAP works correctly.
bye