/usr/share/oar/oar-api/apache2.conf is in oar-restful-api 2.5.2-4.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | # Example Apache2 configuration for the OAR API
# Aliases to the API.
# Be aware that the oarapi directory should only be readable by the httpd
# daemon and that the cgi inside are sgid oar. Any change to this permissions
# may cause your system to be vulnerable.
ScriptAlias /oarapi /usr/lib/cgi-bin/oarapi/oarapi.cgi
ScriptAlias /oarapi-debug /usr/lib/cgi-bin/oarapi/oarapi-debug.cgi
# FastCGI server
<IfModule mod_fastcgi.c>
FastCgiServer /usr/lib/cgi-bin/oarapi/oarapi.cgi
</IfModule>
# Authentication configuration for access to the API
<Directory /usr/lib/cgi-bin/oarapi>
Options ExecCGI -MultiViews FollowSymLinks
# FastCGI handler
<IfModule mod_fastcgi.c>
AddHandler fcgid-script .cgi
</IfModule>
# Deny access by default, except from localhost
Order deny,allow
Deny from all
#Allow from trusted.host.mydomain
Allow from localhost
Allow from localhost.localdomain
# Pidentd may be useful for testing without a login/passwd or when you
# fully trust some hosts (ie users have no way to fake their login name).
# Ident trust may be disabled into the api itself.
<IfModule ident_module>
IdentityCheck On
<IfModule headers_module>
# Set the X-REMOTE_IDENT http header value to REMOTE_IDENT env value
RequestHeader set X_REMOTE_IDENT %{REMOTE_IDENT}e
# or For https:
#RequestHeader set X_REMOTE_IDENT %{REMOTE_IDENT}s
# Or if it doesn't work, enable mod_rewrite and try this:
<IfModule rewrite_module>
RewriteEngine On
RewriteCond %{REMOTE_IDENT} (.*)
RewriteRule .* - [E=MY_REMOTE_IDENT:%1]
RequestHeader add X-REMOTE_IDENT %{MY_REMOTE_IDENT}e
</IfModule>
</IfModule>
</IfModule>
# Ldap auth, except for some local hosts that we trust with pident.
# In this example, we suppose that the users have an ldap account
# common to the authentication used by the oar server.
<IfModule authnz_ldap_module>
AuthType basic
AuthBasicProvider ldap
AuthName "Authorized Users Only"
AuthzLDAPAuthoritative off
AuthLDAPURL "ldaps://myldaphost.mydomain/dc=mydomain,dc=fr?uid?sub?(objectClass=posixAccount)"
Require valid-user
Satisfy any
</IfModule>
</Directory>
|