httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 42561] [PATCH] AuthLDAPRemoteUserAttribute only applies in the authn stage
Date Tue, 07 Sep 2010 18:40:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=42561

Jean-Yves Avenard <reg-jya-apache@hydrix.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #8 from Jean-Yves Avenard <reg-jya-apache@hydrix.com> 2010-09-07 14:40:49
EDT ---
Here is a version against 2.2 correcting some bugs and issues earlier
mentioned.

I also added two new directives:

-AuthLDAPRemoteFirstUserAttribute: By default, when using a remote user
attribute, if there is more than one attributes of the same kind,
mod_authnz_ldap returns as string made of all the attributes separated by a ";
".
This can have some unwanted effects, for example. Apple's MacOS 10.6 Open
Directory stores users and user aliases in LDAP as:
dn: uid=jeanyves_avenard,cn=users,dc=m,dc=hydrix,dc=com
uid: jeanyves_avenard
uid: jean-yves.avenard
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: apple-user
objectClass: extensibleObject
objectClass: organizationalPerson
objectClass: top
objectClass: person
remote_user attribute would therefore contain: "jeanyves_avenard;
jean-yves.avenard" which is of no use.
When AuthLDAPRemoteFirstUserAttribute is set, then only the first attribute
will be returned.

-AuthzLDAPRemoteUserAttribute: By default, the custom user attribute is only
use for authentication. When AuthzLDAPRemoteUserAttribute is set, it will also
be be used during authorisation.

Cheers
Jean-Yves
Hydrix

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message