From bb215d0900e778796f9307a5f960db4f58c9ec94 Mon Sep 17 00:00:00 2001
From: Georgi Georgiev
Date: Fri, 14 Apr 2023 17:59:57 +0900
Subject: [PATCH 1/2] Add the missing mod_authnz_ldap parameters This is the full list from https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html Following the current style of CamelCase -> snake_case
---
 templates/vhost/_directories.erb | 60 ++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index b63b7ff49f..f4eb945042 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
@@ -305,6 +305,66 @@
 <%- if directory['auth_ldap_group_attribute_is_dn'] == 'on' -%>
 AuthLDAPGroupAttributeIsDN On
 <%- end -%>
+ <%- if directory['auth_ldap_initial_bind_pattern'] -%>
+ AuthLDAPInitialBindPattern <%= directory['auth_ldap_initial_bind_pattern'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_bind_as_user'] == 'off' -%>
+ AuthLDAPInitialBindAsUser Off
+ <%- end -%>
+ <%- if directory['auth_ldap_bind_as_user'] == 'on' -%>
+ AuthLDAPInitialBindAsUser On
+ <%- end -%>
+ <%- if directory['auth_ldap_compare_as_user'] == 'off' -%>
+ AuthLDAPCompareAsUser Off
+ <%- end -%>
+ <%- if directory['auth_ldap_compare_as_user'] == 'on' -%>
+ AuthLDAPCompareAsUser On
+ <%- end -%>
+ <%- if directory['auth_ldap_search_as_user'] == 'off' -%>
+ AuthLDAPSearchAsUser Off
+ <%- end -%>
+ <%- if directory['auth_ldap_search_as_user'] == 'on' -%>
+ AuthLDAPSearchAsUser On
+ <%- end -%>
+ <%- if directory['auth_ldap_bind_authoritative'] == 'off' -%>
+ AuthLDAPBindAuthoritative Off
+ <%- end -%>
+ <%- if directory['auth_ldap_bind_authoritative'] == 'on' -%>
+ AuthLDAPBindAuthoritative On
+ <%- end -%>
+ <%- if directory['auth_ldap_authorize_prefix'] -%>
+ AuthLDAPAuthorizePrefix <%= directory['auth_ldap_authorize_prefix'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_charset_config'] -%>
+ AuthLDAPCharsetConfig <%= directory['auth_ldap_charset_config'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_compare_dn_on_server'] == 'off' -%>
+ AuthLDAPCompareDNOnServer Off
+ <%- end -%>
+ <%- if directory['auth_ldap_compare_dn_on_server'] == 'on' -%>
+ AuthLDAPCompareDNOnServer On
+ <%- end -%>
+ <%- if directory['auth_ldap_dereference_aliases'] -%>
+ AuthLDAPDereferenceAliases <%= directory['auth_ldap_dereference_aliases'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_max_sub_group_depth'] -%>
+ AuthLDAPMaxSubGroupDepth <%= directory['auth_ldap_max_sub_group_depth'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_remote_user_attribute'] -%>
+ AuthLDAPRemoteUserAttribute <%= directory['auth_ldap_remote_user_attribute'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_remote_user_is_dn'] == 'off' -%>
+ AuthLDAPRemoteUserIsDN Off
+ <%- end -%>
+ <%- if directory['auth_ldap_remote_user_is_dn'] == 'on' -%>
+ AuthLDAPRemoteUserIsDN On
+ <%- end -%>
+ <%- if directory['auth_ldap_sub_group_attribute'] -%>
+ AuthLDAPSubGroupAttribute <%= directory['auth_ldap_sub_group_attribute'] %>
+ <%- end -%>
+ <%- if directory['auth_ldap_sub_group_class'] -%>
+ AuthLDAPSubGroupClass <%= directory['auth_ldap_sub_group_class'] %>
+ <%- end -%>
 <%- if directory['fallbackresource'] -%>
 FallbackResource <%= directory['fallbackresource'] %>
 <%- end -%>
From c99d969a45ac10911270c97a72a2c20ec5ede603 Mon Sep 17 00:00:00 2001
From: Georgi Georgiev
Date: Thu, 20 Apr 2023 15:03:02 +0900
Subject: [PATCH 2/2] Simplify the syntax for boolean arguments As suggested by @ekohl during review.
---
 templates/vhost/_directories.erb | 49 +++++++++-----------------------
 1 file changed, 14 insertions(+), 35 deletions(-)
diff --git a/templates/vhost/_directories.erb b/templates/vhost/_directories.erb
index f4eb945042..7447e48e1b 100644
--- a/templates/vhost/_directories.erb
+++ b/templates/vhost/_directories.erb
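Review bot: The key `auth_ldap_bind_as_user` renders `AuthLDAPInitialBindAsUser`, which breaks the CamelCase -> snake_case mapping the commit message describes; every other key added in this hunk follows it. Someone who derives `auth_ldap_initial_bind_as_user` from the directive name gets no directive at all, so mod_authnz_ldap silently keeps its default for which identity performs the initial bind. I would rename the key in both conditions, `<%- if directory['auth_ldap_initial_bind_as_user'] == 'on' -%>` and its `'off'` twin, or document the shorter name next to the parameter. The free-text values (`auth_ldap_initial_bind_pattern`, `auth_ldap_authorize_prefix`, `auth_ldap_charset_config` and the rest) are written verbatim; if the directory hash is not type-checked elsewhere, which this hunk does not show, a value containing a newline would add a further line to the rendered vhost. The enclosing directory block starts and ends outside the hunk.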
@@ -299,38 +299,23 @@
 AuthLDAPGroupAttribute <%= groupattr %>
 <%- end -%>
 <%- end -%>
- <%- if directory['auth_ldap_group_attribute_is_dn'] == 'off' -%>
- AuthLDAPGroupAttributeIsDN Off
- <%- end -%>
- <%- if directory['auth_ldap_group_attribute_is_dn'] == 'on' -%>
- AuthLDAPGroupAttributeIsDN On
+ <%- unless directory['auth_ldap_group_attribute_is_dn'].nil? -%>
+ AuthLDAPGroupAttributeIsDN <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_group_attribute_is_dn'] ]) %>
 <%- end -%>
 <%- if directory['auth_ldap_initial_bind_pattern'] -%>
 AuthLDAPInitialBindPattern <%= directory['auth_ldap_initial_bind_pattern'] %>
 <%- end -%>
- <%- if directory['auth_ldap_bind_as_user'] == 'off' -%>
- AuthLDAPInitialBindAsUser Off
- <%- end -%>
- <%- if directory['auth_ldap_bind_as_user'] == 'on' -%>
- AuthLDAPInitialBindAsUser On
- <%- end -%>
- <%- if directory['auth_ldap_compare_as_user'] == 'off' -%>
- AuthLDAPCompareAsUser Off
- <%- end -%>
- <%- if directory['auth_ldap_compare_as_user'] == 'on' -%>
- AuthLDAPCompareAsUser On
+ <%- unless directory['auth_ldap_bind_as_user'].nil? -%>
+ AuthLDAPInitialBindAsUser <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_bind_as_user'] ]) %>
 <%- end -%>
- <%- if directory['auth_ldap_search_as_user'] == 'off' -%>
- AuthLDAPSearchAsUser Off
+ <%- unless directory['auth_ldap_compare_as_user'].nil? -%>
+ AuthLDAPCompareAsUser <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_compare_as_user'] ]) %>
 <%- end -%>
- <%- if directory['auth_ldap_search_as_user'] == 'on' -%>
- AuthLDAPSearchAsUser On
+ <%- unless directory['auth_ldap_search_as_user'].nil? -%>
+ AuthLDAPSearchAsUser <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_search_as_user'] ]) %>
 <%- end -%>
- <%- if directory['auth_ldap_bind_authoritative'] == 'off' -%>
- AuthLDAPBindAuthoritative Off
- <%- end -%>
- <%- if directory['auth_ldap_bind_authoritative'] == 'on' -%>
- AuthLDAPBindAuthoritative On
+ <%- unless directory['auth_ldap_bind_authoritative'].nil? -%>
+ AuthLDAPBindAuthoritative <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_bind_authoritative'] ]) %>
 <%- end -%>
 <%- if directory['auth_ldap_authorize_prefix'] -%>
 AuthLDAPAuthorizePrefix <%= directory['auth_ldap_authorize_prefix'] %>
@@ -338,11 +323,8 @@
 <%- if directory['auth_ldap_charset_config'] -%>
 AuthLDAPCharsetConfig <%= directory['auth_ldap_charset_config'] %>
 <%- end -%>
- <%- if directory['auth_ldap_compare_dn_on_server'] == 'off' -%>
- AuthLDAPCompareDNOnServer Off
- <%- end -%>
- <%- if directory['auth_ldap_compare_dn_on_server'] == 'on' -%>
- AuthLDAPCompareDNOnServer On
+ <%- unless directory['auth_ldap_compare_dn_on_server'].nil? -%>
+ AuthLDAPCompareDNOnServer <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_compare_dn_on_server'] ]) %>
 <%- end -%>
 <%- if directory['auth_ldap_dereference_aliases'] -%>
 AuthLDAPDereferenceAliases <%= directory['auth_ldap_dereference_aliases'] %>
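Review bot: Replacing the `== 'on'` / `== 'off'` tests with `unless ….nil?` means every non-nil value now reaches the directive line, so the rendered text depends entirely on what `apache::bool2httpd` returns for input that is neither a boolean nor a string it recognises; that function is not shown in this patch. For flags that change the authentication path (`AuthLDAPBindAuthoritative`, `AuthLDAPInitialBindAsUser`, `AuthLDAPCompareAsUser`, `AuthLDAPSearchAsUser`) I would rather reject bad input at catalog compile than hand it to httpd, for example by constraining these keys to `Variant[Boolean, Enum['on', 'off']]` in the directory parameter type. The same applies to the `AuthLDAPCompareDNOnServer` hunk at -338 and the `AuthLDAPRemoteUserIsDN` hunk at -353. A short template comment above the first block, `<%# booleans or 'on'/'off'; nil omits the directive and leaves the httpd default %>`, would record the nil behaviour.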
@@ -353,11 +335,8 @@
 <%- if directory['auth_ldap_remote_user_attribute'] -%>
 AuthLDAPRemoteUserAttribute <%= directory['auth_ldap_remote_user_attribute'] %>
 <%- end -%>
- <%- if directory['auth_ldap_remote_user_is_dn'] == 'off' -%>
- AuthLDAPRemoteUserIsDN Off
- <%- end -%>
- <%- if directory['auth_ldap_remote_user_is_dn'] == 'on' -%>
- AuthLDAPRemoteUserIsDN On
+ <%- unless directory['auth_ldap_remote_user_is_dn'].nil? -%>
+ AuthLDAPRemoteUserIsDN <%= scope.call_function('apache::bool2httpd', [ directory['auth_ldap_remote_user_is_dn'] ]) %>
 <%- end -%>
 <%- if directory['auth_ldap_sub_group_attribute'] -%>
 AuthLDAPSubGroupAttribute <%= directory['auth_ldap_sub_group_attribute'] %>