mod_auth_oid

mod_auth_oid_file

 

mod_auth_oid_file is an Apache 2.2 module implementing an OpenID to local user id mapping which may be used with mod_auth_oid. It uses a simple plain text file to store OpenIDs and the corresponding local user names as name/value pairs separated by a '=' (one name/value pair per line). The module automatically registers with mod_auth_oid when loaded.

Base Settings

  • AOID_File_DB <path>
    Specifies the path to the database file. The directive is only valid within the scope of the base or virtual host in which it has been defined. The same file may be used for multiple virtual hosts within one Apache instance (do not share a file between multiple Apache server instances/processes). The module is enabled by this directive.
  • AOID_DB_Delimiter <delimiter>
    This optional setting allows you to set a specific delimiter for the database file instead of the default delimiter. As of release 2.0 of mod_auth_openid_file, the default delimiter was changed from '=' to ' '. To ensure backward compatibility with database files created before release 2.0, set the delimiter with AOID_DB_Delimiter =.

Example

Example database file:
https://me.yahoo.com/bob=bobwhite
https://me.yahoo.com/alice=alicebrown
https://me.yahoo.com/carol=carolgreen
http://dave.myopenid.com/=daveblack
https://me.yahoo.com/bigadmin=administrator
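
The following audit script is an added example, not part of mod_auth_oid_file. It parses a mapping file with a chosen delimiter and reports lines that do not split (for instance a pre-2.0 '=' file read with the new ' ' default), lines where the delimiter also occurs inside the OpenID, and OpenIDs mapped to more than one local id. The sample data is constructed, and splitting at the last delimiter is an assumption, since the module's own splitting rule is not documented here.

```python
"""Audit a mod_auth_oid_file mapping database (added example, not project code)."""
from collections import defaultdict

# Constructed sample: a pre-2.0 style file using '=' as the delimiter.
SAMPLE = """\
https://me.yahoo.com/bob=bobwhite
https://me.yahoo.com/alice=alicebrown
https://me.yahoo.com/bob=administrator
https://idp.example/id?u=carol=carolgreen
malformed-line-without-delimiter
"""


def audit_mapping(text, delimiter=" "):
    """Return (mapping, findings) for the contents of a mapping file.

    Assumption: each line is split at the LAST delimiter; the module's
    actual rule may differ, so ambiguous lines are reported, not trusted.
    """
    seen = defaultdict(set)
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        openid, sep, local = line.rpartition(delimiter)
        if not sep or not openid or not local:
            # No usable delimiter: typical after a delimiter change.
            findings.append((lineno, "unparsed", line))
            continue
        if delimiter in openid:
            # Delimiter also appears inside the OpenID (e.g. a query string).
            findings.append((lineno, "ambiguous-delimiter", line))
        seen[openid].add(local)
    for openid, local_ids in seen.items():
        if len(local_ids) > 1:
            # One OpenID resolving to several local accounts needs review.
            findings.append((0, "multiple-local-ids", openid))
    return {k: sorted(v) for k, v in seen.items()}, findings


if __name__ == "__main__":
    for delim in ("=", " "):
        mapping, findings = audit_mapping(SAMPLE, delim)
        print(f"delimiter {delim!r}: {len(mapping)} OpenIDs parsed")
        for lineno, kind, detail in findings:
            print(f"  line {lineno or '-'}: {kind}: {detail}")
```

Run it against a copy of the database file before and after changing AOID_DB_Delimiter; a file that parses cleanly with '=' but yields only "unparsed" findings with ' ' still needs the backward-compatible setting.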
      

Administration

mod_auth_oid_file provides a handler which allows you to edit the database file via a simple Web front-end.

  • AOID_File_AdminPage <path>
    The handler uses an HTML file which contains a form and the special marker ##AOID_TABLE##. This marker is replaced by a list (two column HTML table elements) of input fields to edit the user mapping information. The first column (oid<suffix>="<openid>") contains the OpenID and the second (local<suffix>="<local id>") the local user id.
    The marker ##ERROR_NOTES## may be used to display error messages to the user.
  • AOID_File_UserOnly on|off
    Restricts administration of entries to the user's local id only. This means that an authenticated user may add/edit/remove mapping entries matching his local user id only. Default is off.
    You may call the handler with the request query get_openid_identifier, specifying an OpenID provider, to start automatic OpenID discovery.
Sample Apache configuration:

# Apache requires write access to the database file if you want to administrate it
# using the Web front-end.
AOID_File_DB              /usr/local/apache2/auth/mapdb

# Optional, enable to set backward-compatible delimiter in database files.
# AOID_DB_Delimiter       =

# Define the HTML page used by the administration handler:
AOID_File_AdminPage       /usr/local/apache2/htdocs/file_mapper.html

# Location where the administrator may add/edit/remove any mapping entry:
<Location /admin>
   # Enable the administration handler:
   SetHandler             auth-oid-file
   # Don't forget to configure access control for this location! Users having access
   # to this handler may add/edit/remove any account mapping entry.
   Require                user carolgreen
</Location>

# Location where an individual user may edit the mapping entries for his local user id:
<Location /profile>
   # Enable the administration handler:
   SetHandler             auth-oid-file
   Require                valid-user
   # User may edit only his own entries:
   AOID_File_UserOnly     on
   # Enable mod_parp:
   SetEnvIf               Request_Method GET  parp
   SetEnvIf               Request_Method POST parp
</Location>
      



mod_auth_oid at SourceForge.net © 2009-2012, Pascal Buchbinder/Christoph Steigmeier