[dsa-puppet.git] / modules / dacs / files / common / dacs.conf
1 <Configuration xmlns="http://dss.ca/dacs/v1.4">
   <!-- DACS configuration with one Default clause (shared settings) and one
        Jurisdiction clause. The Jurisdiction holds two active Auth clauses and
        one that is commented out; all three point at authentication modules
        under https://sso.debian.org/cgi-bin/dacs/. -->
2
   <!-- Shared settings: federation domain and name, log level "info", and the
        variable Conf::JURISDICTION_AUTHSERVER set to "sso.debian.org" through
        EVAL. Nothing in this listing reads that variable; the Auth URLs below
        repeat the host name literally. -->
3  <Default>
4    FEDERATION_DOMAIN "debian.org"
5    FEDERATION_NAME "DEBIANORG"
6    EVAL ${Conf::JURISDICTION_AUTHSERVER}="sso.debian.org"
7    LOG_LEVEL "info"
8  </Default>
   <!-- Jurisdiction "DEBIAN", selected by the uri pattern *.debian.org.
        ADMIN_IDENTITY names a single account. The rights that identity carries
        are defined by DACS and not by this file, so review the setting whenever
        the account owner changes. -->
9  <Jurisdiction uri="*.debian.org">
10    JURISDICTION_NAME "DEBIAN"
11    ADMIN_IDENTITY "DEBIAN:zobel"
      <!-- Guest accounts: presumably checks the submitted password against the
           Apache password file named by AUTH_FILE.
           NOTE(review): CONTROL "sufficient" presumably has the PAM-like
           meaning, so a success here ends authentication without the "ldap"
           clause being consulted; confirm against the DACS documentation.
           If so, write access to AUTH_FILE is equivalent to the ability to
           create a login: keep the file writable only by its provisioning
           process and readable only by the account the DACS CGI runs as. -->
12    <Auth id="guest-apache-htpasswd">
13      URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
14      STYLE "pass"
15      CONTROL "sufficient"
16      OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords"
17      OPTION "AUTH_MODULE=mod_auth"
18    </Auth>
19
      <!-- The clause inside the following comment is disabled and has no
           effect. Delete it or record why it is kept, so that it is not
           re-enabled by accident with CONTROL "required". -->
20    <!-- Authenticate using webPassword from LDAP
21    <Auth id="debian-apache-htpasswd">
22      URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
23      STYLE "pass"
24      CONTROL "required"
25      OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords"
26      OPTION "AUTH_MODULE=mod_auth"
27    </Auth>
28         -->
29
      <!-- Debian accounts: LDAP_BIND_METHOD "direct" with a bind URL of
           uid=USERNAME,ou=users,dc=debian,dc=org on the loopback LDAP server,
           so the login presumably succeeds when that bind does. The DACS
           username is taken from the entry's uid attribute.
           LDAP_ROLES_SELECTOR yields a value only for attributes named
           supplementaryGid (0 for all others), with spaces replaced by
           underscores; presumably each such value becomes a role. Confirm how
           ldap(dn_index, ...) treats a value that is not a DN.
           NOTE(review): ldap:// is cleartext. That is contained while the
           server is 127.0.0.1, but the bind password would cross the network
           unencrypted if this URL ever pointed at another host; use ldaps or
           StartTLS in that case.
           NOTE(review): encode(url, ...) protects the URL syntax. Whether DN
           metacharacters such as "," or "=" in USERNAME stay inert once the
           URL is decoded is not visible here; confirm, or restrict the
           characters accepted in usernames. -->
30    <Auth id="ldap">
31      URL "https://sso.debian.org/cgi-bin/dacs/local_ldap_authenticate"
32      STYLE "password"
33      CONTROL "required"
34      LDAP_BIND_METHOD "direct"
35      LDAP_USERNAME_URL* '"ldap://127.0.0.1/uid=" \
36         . encode(url, ${Args::USERNAME}) . ",ou=users,dc=debian,dc=org"'
37      LDAP_USERNAME_EXPR* '"${LDAP::uid}"'
38      LDAP_ROLES_SELECTOR* '"${LDAP::attrname}" eq "supplementaryGid" \
39        ? strtr(ldap(rdn_attrvalue, \
40            ldap(dn_index, "${LDAP::attrvalue}", 1)), " ", "_") \
41        : 0'
42    </Auth>
43  </Jurisdiction>
44 </Configuration>