<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org" /> <title>Lemonldap::NG documentation: 4.5-Multiple-authentication-backend.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <style type="text/css"> /*<![CDATA[*/ body{ background: #ddd; font-family: sans-serif; font-size: 11pt; padding: 0 50px; } div.main-content{ padding: 10px; background: #fff; border: 2px #ccc solid; } a{ text-decoration: none; } p.footer{ text-align: center; margin: 5px 0 0 0; } .heading-1{ text-align: center; color: orange; font-variant: small-caps; font-size: 20pt; } .heading-1-1{ color: orange; font-size: 14pt; border-bottom: 2px #ccc solid; } pre{ background: #eee; border: 2px #ccc solid; padding: 5px; border-left: 10px #ccc solid; } ul.star li{ list-style-type: square; } /*]]>*/ </style> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HMultipleauthenticationbackend">Multiple authentication backend</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HPresentation">Presentation</a></li> <li><a href="#HConfiguration">Configuration</a></li> <li> <a href="#HKnownproblems">Known problems</a> <ul> <li><a href="#HAuthApacheauthentication">AuthApache authentication</a></li> <li><a href="#HSSLauthentication">SSL authentication</a></li> </ul> </li> <li><a href="#HSeealso">See also</a></li> </ul> <h3 class="heading-1-1"><span id="HPresentation">Presentation</span></h3> <p class="paragraph"></p>This backend allows to chain authentication method, for example to failback to LDAP authentication if Remote authentication failed… <h3 class="heading-1-1"><span id= "HConfiguration">Configuration</span></h3> <p class="paragraph"></p>You have to use "Multi" as authentication scheme. This scheme expect a parameter, which is the authentication chain. <p class="paragraph"></p>For example: <div class="code"> <pre> authentication => 'Multi CAS;LDAP', </pre> </div><br /> <br /> If CAS failed, LDAP will be used.<br /> <br /> You can also add a condition. Example: <div class="code"> <pre> authentication => 'Multi Remote $ENV{REMOTE_ADDR}=~/^192/;LDAP $ENV{REMOTE_ADDR}!~/^192/' </pre> </div> <h3 class="heading-1-1"><span id="HKnownproblems">Known problems</span></h3> <h4 class="heading-1-1-1"><span id="HAuthApacheauthentication">AuthApache authentication</span></h4><br /> <br /> When using this module, Lemonldap::NG portal will be called only if Apache does not return "401 Authentication required", but this is not the Apache behaviour: if the auth module fails, Apache returns 401. We're studying a future solutuion for this… <h4 class="heading-1-1-1"><span id="HSSLauthentication">SSL authentication</span></h4><br /> <br /> To chain SSL, you have to set "SSLRequire optional" in Apache configuration, else users will be authenticated by SSL only. <h3 class="heading-1-1"><span id="HSeealso">See also</span></h3> <ul class="star"> <li><span class="wikilink"><a href= "4.1-Configuration-parameter-list.html">Config Parameter List</a></span></li> <li><span class="wikilink"><a href="4.6-Multiple-user-backend.html">User DBMulti</a></span></li> </ul> </div> <p class="footer"><a href="index.html">Index</a></p> </body> </html>