httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 52892] New: Require expr and %{REMOTE_USER}
Date Mon, 12 Mar 2012 21:03:23 GMT

             Bug #: 52892
           Summary: Require expr and %{REMOTE_USER}
           Product: Apache httpd-2
           Version: 2.4.1
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authz_core
    Classification: Unclassified

(May have mislabled the compenent, not sure if it is in authn_core or

What I'm trying to do:
|                <RequireAll>
|                        Require ssl-verify-client
|                        Require valid-user
|                        Require expr ( \
|                                        (%{SSL_CLIENT_S_DN_O} == "Company") &&
|                                        (%{SSL_CLIENT_S_DN_OU} == "Staff") &&
|                                        (%{REMOTE_USER} ==
|                                     )
|                </RequireAll>

Need valid Client Cert + Login, login needs to be the CN of the certificate.

What I expect to happen: this should work
What I see: %{REMOTE_USER} is empty!
> The expression parser provides a number of variables of the form %{HTTP_HOST}. Note that
the value of a variable may depend on the phase of the request processing in which it is evaluated.
For example, an expression used in an <If > directive is evaluated before authentication
is done. Therefore, %{REMOTE_USER} will not be set in this case.

It's noted in the docs it can be empty... however:
| Require user hardcodeduser

Works fine... the information seems to be available at this stage.
So why isn't it exported.

For Comepleteness:
I also tried "Require user %{SSL_CLIENT_S_DN_CN}" but that didn't work... I
wasn't expecting it to work though.

I don't think what I'm trying to do is unreasonable, if there is a way to do
it, it would be awesome.

Hopefully this is really a bug and not a limitation!

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message