Re: [BackupPC-users] Backup PC Ldap groups.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Are your general users and admin users in the same ldap database ?

If so, I just tried these settings on our CentOS 5, BackupPC 3.1 and Apache 2.2 machine which works.

<Location "/cgi-bin/BackupPC_Admin">
   SSLRequireSSL
   AuthType Basic
   AuthName "BackupPC"
   AuthBasicProvider ldap
   AuthLDAPGroupAttributeIsDN off
   AuthLDAPGroupAttribute memberUid
   AuthLDAPURL ldap://localhost/dc=example,dc=com
   AuthzLDAPAuthoritative off
   require valid-user
</Location>

and in our config.pl

$Conf{CgiAdminUserGroup} = 'Admins';
$Conf{CgiAdminUsers} = '';

Dale

From: D P 
Sent: Sunday, April 27, 2008 11:54 PM
To: Dale Renton 
Cc: bac...@li... 
Subject: Re: [BackupPC-users] Backup PC Ldap groups.

Hi Dale

I have this but it does not work to identify administrative users. It only gives general user access.

<Directory       /usr/share/BackupPC/sbin/>
  order deny,allow
  AuthType Basic

  AuthLDAPVersion 2
  AuthLDAPurl "ldap://foo:389/bar"
  AuthName "BackupPC"

  require valid-user

</Directory>.

To make administrative users work I had to add this to my config.pl.

$Conf{CgiAdminUserGroup} = '';
$Conf{GgiAdminUsers} = '';
{
    # Use results of ldapsearch in /etc/crontab
    open(LDAP,"/etc/BackupPC/admingroup");
    $Conf{CgiAdminUsers} = <LDAP>;
    close LDAP;
}

I'm open to suggestions for a better way to do this.

-Dex

2008/4/26 Dale Renton <dal...@ho...>:

  Are you able to configure Apache to do your ldap authentication ?

  Here is what I have in my httpd.conf :

  <Location "/cgi-bin/BackupPC_Admin">
     AuthType Basic
     AuthName "BackupPC"
     AuthLDAPGroupAttributeIsDN off
     AuthLDAPGroupAttribute memberUid
     AuthLDAPURL ldap://ldap.example.com/dc=example,dc=com
     require group cn=Admins,ou=Groups,dc=example,dc=com
  </Location>

  Dale

  From: D P 
  Sent: Tuesday, April 15, 2008 1:23 AM
  To: bac...@li... 
  Subject: [BackupPC-users] Backup PC Ldap groups.

  I'm trying to populate config.pl with the following.

  $Conf{CgiAdminUsers} = '';
  {
          my @ldapresults = `ldapsearch -x -P2 -b ou=SOMEGROUP,ou=SOMEDIVISION group='BackupPCAdmin' objectclass=webuser`;
          die "ldapsearch failed: $!" unless $0 == 0;
          my $ldapgroup = join (' ', grep { defined $_ } map{ m/username=([^,]+)/; $1 } @ldapresults);
          $Conf{CgiAdminUsers} = $ldapgroup;
  }

  Basically its a way of determining administration users via LDAP but it fails with the following error.

  Error: Unable to read config.pl or language strings!!

  Is there a way to make this work or is there some other facility to use?

  -Dex

------------------------------------------------------------------------------

  -------------------------------------------------------------------------
  This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
  Don't miss this year's exciting event. There's still time to save $100. 
  Use priority code J8TL2D2. 
  http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone 

------------------------------------------------------------------------------

  _______________________________________________
  BackupPC-users mailing list
  Bac...@li...
  List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
  Wiki:    http://backuppc.wiki.sourceforge.net
  Project: http://backuppc.sourceforge.net/