Hi all,
I've been asked to provide a proxy that authenticates users against
our LDAP tree, and then proxies their requests to an external system
that requires a different password (for the same user). I can do this
with a hardcoded username/password for the external system like this:
AuthType Basic
AuthName "LDAP Authentication"
AuthLDAPURL ldap://ldap/o=users?cn?sub?(objectclass=Person)
AuthLDAPBindDN ldap-admin-user
AuthLDAPBindPassword ldap-admin-pass
require valid-user
SetEnv OurAuthHeader "Basic VDEyNjcwOnM5MzdDMQ=="
RequestHeader set Authorization "%{OurAuthHeader}e"
ProxyPass http://other-system/
ProxyPassReverse http://other-system/
But what I would like to do is write something to set the value of
OurAuthHeader based on the currently logged in user (ie lookup the
current user's password for the external system and generate an auth
header based on that).
I've tried doing this with a filter, but can't even get a basic filter working:
PerlModule Apache::AuthFilter
PerlInputFilterHandler Apache::AuthFilter
with the AuthFilter.pm:
sub handler : FilterConnectionHandler {
print STDERR "test\n";
Apache::Const::OK;
}
1;
This just drops the connection as soon as I make the request.
Obviously the above does nothing, I would like to change it to replace
the hardcoded "OurAuthHeader" value.
I've been looking at http://modperlbook.org/html/ch25_03.html and
trying to learn what I can, but am not having much luck. I'm also
restricted to mod_perl 1.99 which rules out a couple of other options
I've found. Does anyone have any suggestions for me?
cheers,
dim
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|