ruby Rails Passenger apache2 在 httpd.conf 中使用基本 LDAP 身份验证
我有一个网站,我想强制用户通过 LDAP 登录才能看到网站的首页。这适用于通用网页,但不适用于在 apache2 上运行乘客的 Rails 站点。我见过一些参考资料,这是因为乘客不遵守目录命令(或在到达该指令之前接听)。有没有办法做到这一点,或者我是否需要向网站添加设备?
<VirtualHost *:80>
ServerName test.example.com
DocumentRoot "/www/software/rails_site/current/public"
ErrorLog "/www/logs/software/rails_site/error_log"
CustomLog "/www/logs/software/rails_site/access_log" common
DirectoryIndex index.html
RailsEnv production
<Directory "/www/software/rails_site/current/public">
AuthType Basic
AuthName "Secure portal"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "info"
AuthLDAPBindPassword "pass"
require ldap-user usernames
Order deny,allow
Satisfy Any
</Directory>
</VirtualHost>
上述内容不会阻止网站加载,也不会在首次尝试加载网站时造成任何挑战。
I have a site that I want to force a user to log in via LDAP before they can see the front page of the website. This works with generic webpages fine, but doesn't work with a rails site running passenger on apache2. I've seen some references that this is because passenger doesn't respect the Directory command (or picks up before it gets to that directive). Is there a way to make this happen or do I need to add devise to the site instead?
<VirtualHost *:80>
ServerName test.example.com
DocumentRoot "/www/software/rails_site/current/public"
ErrorLog "/www/logs/software/rails_site/error_log"
CustomLog "/www/logs/software/rails_site/access_log" common
DirectoryIndex index.html
RailsEnv production
<Directory "/www/software/rails_site/current/public">
AuthType Basic
AuthName "Secure portal"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "info"
AuthLDAPBindPassword "pass"
require ldap-user usernames
Order deny,allow
Satisfy Any
</Directory>
</VirtualHost>
The above doesn't prevent the site from loading or do any challenge when first trying to load the site.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试将身份验证指令放置在位置而不是目录中,以便传入的 URI 首先触发它们。显然,Passenger 具有与目录指令相关的操作顺序。
这篇旧文章证实了您尝试做的事情(至少过去是)可能的:
http://groups.google.com/group/phusion-passenger/browse_thread/thread/bb0ccee6b4a45bc0/429a34fb66dbde6d
Try placing the authentication directives inside a Location instead of a Directory so that they will be triggered first by the incoming URI. Apparently Passenger has an order of operations associated with Directory directives.
This old post confirms that what you're trying to do (at least used to be) possible:
http://groups.google.com/group/phusion-passenger/browse_thread/thread/bb0ccee6b4a45bc0/429a34fb66dbde6d