httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 42561] [PATCH] AuthLDAPRemoteUserAttribute only applies in the authn stage
Date Tue, 07 Sep 2010 18:40:51 GMT

Jean-Yves Avenard <> changed:

           What    |Removed                     |Added
             Status|NEEDINFO                    |NEW

--- Comment #8 from Jean-Yves Avenard <> 2010-09-07 14:40:49
EDT ---
Here is a version against 2.2 correcting some bugs and issues earlier

I also added two new directives:

-AuthLDAPRemoteFirstUserAttribute: By default, when using a remote user
attribute, if there is more than one attributes of the same kind,
mod_authnz_ldap returns as string made of all the attributes separated by a ";
This can have some unwanted effects, for example. Apple's MacOS 10.6 Open
Directory stores users and user aliases in LDAP as:
dn: uid=jeanyves_avenard,cn=users,dc=m,dc=hydrix,dc=com
uid: jeanyves_avenard
uid: jean-yves.avenard
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: apple-user
objectClass: extensibleObject
objectClass: organizationalPerson
objectClass: top
objectClass: person
remote_user attribute would therefore contain: "jeanyves_avenard;
jean-yves.avenard" which is of no use.
When AuthLDAPRemoteFirstUserAttribute is set, then only the first attribute
will be returned.

-AuthzLDAPRemoteUserAttribute: By default, the custom user attribute is only
use for authentication. When AuthzLDAPRemoteUserAttribute is set, it will also
be be used during authorisation.


Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message