Re: mod_authnz_ldap AUTHENTICATE_* Env variables ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Eric Covener wrote:

On Jan 31, 2008 12:59 PM, Eric Covener <covener@xxxxxxxxx> wrote:

On Jan 31, 2008 12:16 PM, jehan procaccia
<jehan.procaccia@xxxxxxxxxxxxxx> wrote:


I do enter in mod_auth_cas for authn, then authz is supposed to be
carried out from mod_authnz_ldap,

Peaking at the source, it looks like mod_authnz_ldap only sets this
when it authenticates (checks the password) for a request, and not
when it does authorization (checks a Require)




Which is vacuously true of mod_authn_dbd (emphasis on authn).  Looks
like a doc bug or a feature request :/
I confirm that I get the env variable when using pure mod_authzn_ldap config, exemple: 

<Directory /var/www/html/jehan/cgi3/>
AuthType Basic
 AuthName "calaz"
 AuthBasicProvider "ldap"
AuthLDAPUrl "ldap://calaz.int-evry.fr/dc=int-evry,dc=fr?uid,mail,cn,eduPersonAffiliation"; 
 authzldapauthoritative Off
 require valid-user

ldap logs when connecting
Feb 5 12:12:38 localhost slapd[16931]: conn=3 op=1 SRCH attr=uid mail cn eduPersonAffiliation 

printenv.pl do show among others:
AUTHENTICATE_EDUPERSONAFFILIATION --> employee
AUTHENTICATE_MAIL --> test.test@xxxxxxxxxx
AUTHENTICATE_CN --> test Test
But as soon as I cascade our mod_auth_cas SSO authn module , I loose these AUTHENTICATE_* env variables :-( . 

##AuthType Basic
##  AuthName "calaz"
AuthType CAS
AuthName "CAS SSO"
AuthLDAPUrl "ldap://calaz.int-evry.fr/dc=int-evry,dc=fr?uid,mail,cn,eduPersonAffiliation"; 
 authzldapauthoritative Off
 require valid-user

I do see the ldap request:
Feb 5 12:20:07 localhost slapd[16931]: conn=5 op=1 SRCH attr=uid mail cn eduPersonAffiliation 

but attributes are not available in http env variable anymore .
Is there a way to get these variable AUTHENTICATE_* with an other authn module ? 

Thanks.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux