httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51322] New: Prepend and append string to LDAP search parameter
Date Sat, 04 Jun 2011 23:06:04 GMT

             Bug #: 51322
           Summary: Prepend and append string to LDAP search parameter
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_auth_ldap
    Classification: Unclassified

While trying to setup my Apache web server for LDAP authentication against an
OpenLDAP database, I discovered that there is a lack of required syntax for my
needs. Most all LDAP-aware applications how some method of specifying
additional characters to be added before or after the search parameter. Take my
setup for instance (obviously replacing with the real domain that I
am not going to specify here).

Since I am running multiple virtual email domains from one server, I needed a
method of separating the accounts for one domain from the others. I have the
users of my directory setup as such:

dn: ou=People,dc=example,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: cn=example.org_johndoe,ou=People,dc=example,dc=org
cn: example.org_johndoe
objectclass: inetOrgPerson
objectclass: top
sn: doe

dn: cn=example.org_janedoe,ou=People,dc=example,dc=org
cn: example.org_janedoe
objectclass: inetOrgPerson
objectclass: top
sn: doe

When attempting to search by cn, which is the root DN, the user would have to
type in the full account name. This is a problem because whenever an account
name is setup the first portion of the name is not exposed to the end user
because it is expected that the application that is talking with the LDAP
database will know how to handle it automatically. With the way that the
mod_authnz_ldap is setup, there is a limitation that does not allow this to

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message