httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51005] New: Allow to use username in LDAP filter
Date Fri, 01 Apr 2011 09:30:00 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51005

           Summary: Allow to use username in LDAP filter
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_authn_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: julien@danjou.info


Currently, the filter given in AuthLDAPURL abuse the RFC by using the attribute
to match the username provided. This does not allow more complex search filter.

The attached patch replaces %u in the filter string by the provided username,
so one can check for more complicated things like:

  ldap://ldap.example.com/ou=users,o=easter-eggs??base?(mail=%u@example.com)

Please note that this patch does not modify the current behaviour and is
backward compatible.

Something that can be enhanced is the use of 'attribute' in the filter based on
its presence in the URL or not. Currently, the documentation says it's set to
uid by default, which is a problem if you do no want to use the default filter.
I though about ignoring attribute if it's not present, but that might break
compatibility. I'm fine with my patch's approach, but if you think another one
is better, just tell me, I'll rework the patch.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message