From c6ecedf943c1cc78b71ca2e2d5f799c0056fc10d Mon Sep 17 00:00:00 2001
From: Dobrica Pavlinusic <dpavlin@rot13.org>
Date: Fri, 23 Mar 2018 17:52:09 +0100
Subject: [PATCH] add htpasswd and ldap autorization

---
 ssl.conf | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/ssl.conf b/ssl.conf
index a37752e..9f4328f 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -3,3 +3,25 @@
 	SSLCertificateFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
 	SSLCertificateKeyFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
 	SSLCertificateChainFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem
+
+<Location />
+
+	Order deny,allow
+	# allow local subnets
+	Allow from 193.198.212 193.198.213 193.198.214 193.198.215 
+	deny from all
+	# file is htpasswd as first try and ldap as second
+	AuthBasicProvider file ldap
+	AuthType basic
+	AuthUserFile /data/proxy/.htpasswd
+	AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"
+
+	AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"
+
+	Require valid-user 
+	satisfy any
+
+</Location>
+
+# don't pass through authorization header!
+RequestHeader unset Authorization
-- 
2.20.1