Saturday, November 5, 2016

WordPress Multisite and Apache LDAP Auth with Certain Site Exceptions

So I ran into a situation that had me stumped for a couple of days with one of our WordPress Multisite installations. We needed to have Apache 2.4 provide Active Directory basic auth over the entire installation, with the exception of a few individual sites that we wanted to be publicly accessible. We also needed to have the whole installation open to our internal local networks.

The stumbling block was that WordPress does redirects on the site URLs, which interferes with how Apache can apply its authorization logic. In the end I needed 2 directives in my conf file:

Require env NOAUTH
Require env REDIRECT_NOAUTH


So let's say my site installation was http://wordpress.mydomain.com and I had 500 subfolder sites, such as:

http://wordpress.mydomain.com/private01
http://wordpress.mydomain.com/private02
http://wordpress.mydomain.com/public01
http://wordpress.mydomain.com/public02
etc.

and I needed only the 2 sites public01 and public02 to be open with no password protection, while all the other sites needed to be password protected against our internal Active Directory servers. I also needed to make sure that our local subnets were not prompted for passwords.

Here are the relevant Apache 2.4 config entries:

# These 2 url paths are public, no password required
SetEnvIfNoCase REQUEST_URI /public01 NOAUTH
SetEnvIfNoCase REQUEST_URI /public02 NOAUTH

# These 3 subnets are local, no passwords are required
# We use X-Forwarded-For since we use proxy servers behind load balance systems
SetEnvIf X-Forwarded-For ^10\.1\. NOAUTH
SetEnvIf X-Forwarded-For ^10\.2\. NOAUTH
SetEnvIf X-Forwarded-For ^10\.3\. NOAUTH

Require env NOAUTH
Require env REDIRECT_NOAUTH
Require valid-user



The most important line of all of this for me was:

Require env REDIRECT_NOAUTH

This is what made it work with WordPress, but this line by itself is not enough. You need both of the Require env lines (NOAUTH and REDIRECT_NOAUTH) to make it all work.

Here is the complete Apache 2.4 conf file for reference:

 <VirtualHost *:80>  
     ServerAdmin webmaster@mydomain.com  
     ServerName mydomain.com  
     ServerAlias blogs.mydomain.com  
     DocumentRoot /www/wordpress  
     # These 2 url paths are public, no password required  
     SetEnvIfNoCase REQUEST_URI /public01 NOAUTH  
     SetEnvIfNoCase REQUEST_URI /public02 NOAUTH  
     # These 3 subnets are local, no passwords are required  
     SetEnvIf X-Forwarded-For ^10\.1\. NOAUTH  
     SetEnvIf X-Forwarded-For ^10\.2\. NOAUTH  
     SetEnvIf X-Forwarded-For ^10\.3\. NOAUTH  
     <Directory /www/wordpress/ >  
       AllowOverride All  
       AuthName "Please enter your name & password"  
       AuthType Basic  
       AuthBasicProvider ldap  
       AuthUserFile /dev/null  
       AuthLDAPURL "ldap://adserver.mydomain.com/OU=Users,DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=user)"  
       AuthLDAPBindDN "CN=LDAP User Account,OU=Users,DC=mydomain,DC=com"  
       AuthLDAPBindPassword "ldapuserpassword"  
       <RequireAny>  
        Require env NOAUTH  
        Require env REDIRECT_NOAUTH  
        Require valid-user  
       </RequireAny>  
     </Directory>  
 </VirtualHost>  
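
The exemption logic above, modelled in Python as an added example (not part of the original post and not Apache's own code): it evaluates the post's SetEnvIf patterns on both passes of a rewritten request, which shows why Require env REDIRECT_NOAUTH is needed and that the unanchored /public01 pattern also exempts any path that merely contains that string. The anchored patterns, the /index.php rewrite target and the sample requests in the checks are assumptions constructed for illustration.

```python
import re

# SetEnvIf rules from the page: (request attribute, regex, case-insensitive)
PAGE_RULES = [
    ("uri", r"/public01", True),
    ("uri", r"/public02", True),
    ("xff", r"^10\.1\.", False),
    ("xff", r"^10\.2\.", False),
    ("xff", r"^10\.3\.", False),
]
# Assumption (not from the page): the same rules with the URI patterns
# anchored to the first path segment.
ANCHORED_RULES = [
    ("uri", r"^/public01(/|$)", True),
    ("uri", r"^/public02(/|$)", True),
] + PAGE_RULES[2:]

BOTH = ("NOAUTH", "REDIRECT_NOAUTH")


def setenvif(rules, uri, xff=""):
    """Environment a request gets from the SetEnvIf rules (unanchored regex search)."""
    attrs = {"uri": uri, "xff": xff}
    hit = any(re.search(rx, attrs[a], re.I if nocase else 0) for a, rx, nocase in rules)
    return {"NOAUTH": "1"} if hit else {}


def internal_redirect(rules, env, new_uri, xff=""):
    """Old variables gain a REDIRECT_ prefix; the rules run again on the new URI."""
    renamed = {"REDIRECT_" + k: v for k, v in env.items()}
    return {**renamed, **setenvif(rules, new_uri, xff)}


def allowed(env, require_env=BOTH, valid_user=False):
    """RequireAny over the listed 'Require env' names plus 'Require valid-user'."""
    return valid_user or any(name in env for name in require_env)


def challenged(rules, uri, xff="", require_env=BOTH, rewritten="/index.php"):
    """True if an anonymous request gets a password prompt on either pass."""
    first = setenvif(rules, uri, xff)
    second = internal_redirect(rules, first, rewritten, xff)  # assumed rewrite target
    return not (allowed(first, require_env) and allowed(second, require_env))
```

The X-Forwarded-For rules identify internal clients only if the load balancer overwrites that header rather than passing through a value supplied by the client.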


This stumped me for 2 days so I hope somebody else will find this useful and save them some time searching for an answer to this problem.

--















Thursday, September 29, 2016

Mt Langley / Miter Basin / Cottonwood Lakes 4 Day Backpack Trip

4 Day Backpack Trip with Tom, about 34 miles total. We started in Horseshoe Meadows and spent the 1st night at Cottonwood Lakes 4/5. Next day we headed up Old Army Pass to summit Mt Langley and then down to Upper Soldier Lake for night 2. On the 3rd day we explored Miter Basin and Sky Blue Lake, and then headed down Rock Creek to spend night 3 at Lower Soldier Lake. Day 4 we hiked out via the PCT and Chicken Spring Lake.

All photos were taken with my old Canon S95 point-and-shoot camera in JPG format. Panoramas were created with Autopano Giga software.


GPS Track Log


Cottonwood Lakes area


Cottonwood Lake #3


Cottonwood Lakes 4 & 5. This is looking down from Old Army Pass


Saw quite a few Bighorn Sheep around the 12,000' range as we summited Mt Langley






Bighorn Sheep heading down towards Upper Soldier Lake


One of the new large cairns built to summit Mt Langley


Looking straight down from the top of Mt Langley, what is that, about 1,000' straight down? Not for those afraid of heights!


Looking at Mt Whitney from the top of Mt Langley


Tom coming down the ravine to Upper Soldier Lake


Upper Soldier Lake


Is this a baby marmot?? Totally wrong time of year if so, maybe one of you reading this knows? Please let me know if you can identify this little baby creature


Lodgepole Chipmunk


The Mighty Miter Basin area


Looking down at Lower Soldier Lake


Very pretty unnamed lake in Miter Basin


Tom in Miter Basin (The Miter in the left background)


Sky Blue Lake


Sky Blue Lake panorama


Miter Basin


Marmot Scat


Still some pretty flowers in Miter Basin


This is heading down Rock Creek


Beautiful Rock Creek


Sierra Tree Frog


Rock Creek area looking back at the Miter Basin area


Looking out over Big Whitney Meadow and Kern Peak in the far distance







Monday, July 4, 2016

Bighorn Sheep Census Count 2016 ABDSP

The annual ABDSP Bighorn Sheep Census Count happened this July 1st - 3rd. I counted at Rattlesnake Spring again with a total of 40 unique sheep, that is about 50% of our normal count numbers. Temperatures were much lower this year so the sheep seemed to just not be very thirsty. I opted out of bringing my digital camera and 600mm lens this year and instead took a trail camera. Here is my lame attempt at making a video from the hundreds of movie clips and photos it captured over the course of 3 days in triple digit temps... enjoy!

BTW, Total Mylar balloons this trip - 1 right at our count site!










--