Finally i found a solution to use the user-groups for authentication!
Goal: Use Unixgroups that can be configured using SME-Server-Manager.
Problem: Apache and SME-Server don´t have a solution to check group membership out of the box.
Problem2: LDAP not fully integrated into SME, so it´s not usable for this purpose.
Solution:
Step 1 - get unixgroup check script
Go to
http://www.unixpapa.com/pwauth/ and download the latest pwauth-2.3.3.tar.gz.
Untar it into directory of your choice. we use only the unixgroup script.
# cd /root
# mkdir pwauth
# cd pwauth
# wget http://www.unixpapa.com/software/pwauth-2.3.3.tar.gz
# tar -xvzf pwauth-2.3.3.tar.gz
# cd pwauth-2.3.3
# chown root:root unixgroup
# chmod 755 unixgroup
# cp unixgroup /usr/bin/
Step2 - configure Apache
in the httpd.conf file you need:
AddExternalGroup ugroup /usr/bin/unixgroup
SetExternalGroupMethod ugroup environment
PER VIRTUAL HOST!!!!!
Not at the beginning of the file!! (found out the hard way...)
So a solution would be:
in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/
# cd /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/
# touch 33GroupAuth
# echo "\$OUT .= '
AddExternalGroup ugroup /usr/bin/unixgroup
SetExternalGroupMethod ugroup environment';" >33GroupAuth
# expand-template /etc/httpd/conf/httpd.conf
# /etc/init.d/httpd-e-smith graceful
After that you are able to check for group membership using following code in .htaccess-Files:
(be sure that you are allowed to "AllowOverride AuthConfig" in your directory-rule from apache.
AuthName "mySite"
AuthType Basic
AuthExternal pwauth
GroupExternal ugroup
Require group mygroup
Satisfy all
After that you are able to check for group-membership.
Regards!