Environment
Novell Open Enterprise Server 2 (OES 2) Linux
SUSE Linux Enterprise Server 10
Situation
For NSS volumes, the wwwrun user should be set as a trustee with supervisor rights on that volume.
example NSS volume: /media/nss/VOL1/
- The "rights" command can be used via terminal command line:
rights -f /media/nss/VOL1/ -r s trustee wwwrun.novell.treename
(iManager can be used to accomplish rights setup if preferred and is also a good way to check rights)
The wwwrun user as trustee with supervisor rights can be set using iManager Files and Folders | Properties | search and find the NSS volume, click on it and click OK | under the Rights tab, assign the wwwrun user as a trustee with supervisor rights, "S" check box checked needed only. Click Apply.
- Apache setup:
The browser URL for the home directory users will be http://server-ip-address/~username
Create a .conf file with the directives below under /etc/apache2/conf.d - it could be named "HomeDir.conf" for example.
This example uses the "UserDir" directive to set the path and directory for all of the home directory users. It is where you choose to put the user's home directory that exists on an NSS volume of the same server.
The asterisk ( * ) symbol is a place holder for any home user in that NSS volume path.
Restart apache when changes are made to the .conf file, using the command "rcapache2 restart"
UserDir /media/nss/VOL1/data/*/docs
<Directory "/media/nss/VOL1/data/*/docs">
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
</Directory>
- Apache set up with basic authentication:
See the information for the Apache setup above, and then review the following items...
An LDAP Group can be used using the "Require ldap-group" directive can be uncommented out and "Require valid-user" can be commented out (see apache directives below).
Also, if using this option, set the "AuthBasicAuthoritative and AuthzLDAPAuthoritative off" to "On" instead of "off".
When using "Require ldap-group" the group and users need to be LUM enabled.
A list of apache modules used in this example configuration is given here. Add missing modules for basic LDAP authentication in the /etc/sysconfig/apache2 file. APACHE_MODULES="actions alias auth_basic ldap authnz_ldap authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 proxy proxy_ajp"
When using basic authentication, go to LDAP | LDAP Options | LDAP Group | "Require TLS for Simple Binds with Password", UN-check that box and apply the change.
Restart apache when changes are made to the .conf file or the apache2 file, using the command "rcapache2 restart"
UserDir /media/nss/VOL1/data/*/docs
<Directory "/media/nss/VOL1/data/*/docs">
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "Protected"
Require valid-user
#Require ldap-group cn=Group1, o=novell
AuthBasicAuthoritative off
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://server-ip-address/o=novell?uid
</Directory>
example NSS volume: /media/nss/VOL1/
- The "rights" command can be used via terminal command line:
rights -f /media/nss/VOL1/ -r s trustee wwwrun.novell.treename
(iManager can be used to accomplish rights setup if preferred and is also a good way to check rights)
The wwwrun user as trustee with supervisor rights can be set using iManager Files and Folders | Properties | search and find the NSS volume, click on it and click OK | under the Rights tab, assign the wwwrun user as a trustee with supervisor rights, "S" check box checked needed only. Click Apply.
- Apache setup:
The browser URL for the home directory users will be http://server-ip-address/~username
Create a .conf file with the directives below under /etc/apache2/conf.d - it could be named "HomeDir.conf" for example.
This example uses the "UserDir" directive to set the path and directory for all of the home directory users. It is where you choose to put the user's home directory that exists on an NSS volume of the same server.
The asterisk ( * ) symbol is a place holder for any home user in that NSS volume path.
Restart apache when changes are made to the .conf file, using the command "rcapache2 restart"
UserDir /media/nss/VOL1/data/*/docs
<Directory "/media/nss/VOL1/data/*/docs">
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
</Directory>
- Apache set up with basic authentication:
See the information for the Apache setup above, and then review the following items...
An LDAP Group can be used using the "Require ldap-group" directive can be uncommented out and "Require valid-user" can be commented out (see apache directives below).
Also, if using this option, set the "AuthBasicAuthoritative and AuthzLDAPAuthoritative off" to "On" instead of "off".
When using "Require ldap-group" the group and users need to be LUM enabled.
A list of apache modules used in this example configuration is given here. Add missing modules for basic LDAP authentication in the /etc/sysconfig/apache2 file. APACHE_MODULES="actions alias auth_basic ldap authnz_ldap authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec userdir php5 proxy proxy_ajp"
When using basic authentication, go to LDAP | LDAP Options | LDAP Group | "Require TLS for Simple Binds with Password", UN-check that box and apply the change.
Restart apache when changes are made to the .conf file or the apache2 file, using the command "rcapache2 restart"
UserDir /media/nss/VOL1/data/*/docs
<Directory "/media/nss/VOL1/data/*/docs">
Options Indexes Multiviews
AllowOverride None
Order deny,allow
Allow from all
AuthType Basic
AuthName "Protected"
Require valid-user
#Require ldap-group cn=Group1, o=novell
AuthBasicAuthoritative off
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
AuthLDAPURL ldap://server-ip-address/o=novell?uid
</Directory>
Additional Information
See URL:
The URL below shows more that one way to use the "UserDir" directive and it also can be used for native Linux file systems.
http://httpd.apache.org/docs/2.0/howto/public_html.html
and
The URL below shows more that one way to use the "UserDir" directive and it also can be used for native Linux file systems.
http://httpd.apache.org/docs/2.0/howto/public_html.html
and
Configuring User Home Directories using Native Linux file system on the same server
Also:
To redirect to SSL at the browser, the following directives can be used "as is" and put at the bottom of the newly created .conf file.
##redirect to SSL
<VirtualHost _default_:80>
RewriteEngine On
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>
To redirect to SSL at the browser, the following directives can be used "as is" and put at the bottom of the newly created .conf file.
##redirect to SSL
<VirtualHost _default_:80>
RewriteEngine On
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
</VirtualHost>