Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B41F398C7 for ; Mon, 12 Mar 2012 21:03:47 +0000 (UTC) Received: (qmail 70191 invoked by uid 500); 12 Mar 2012 21:03:47 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 70138 invoked by uid 500); 12 Mar 2012 21:03:47 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 70128 invoked by uid 99); 12 Mar 2012 21:03:47 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Mar 2012 21:03:47 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Mar 2012 21:03:44 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 99F603F80; Mon, 12 Mar 2012 21:03:23 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: DO NOT REPLY [Bug 52892] New: Require expr and %{REMOTE_USER} Date: Mon, 12 Mar 2012 21:03:23 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_authz_core X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: registration@blackdot.be X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 X-Virus-Checked: Checked by ClamAV on apache.org https://issues.apache.org/bugzilla/show_bug.cgi?id=52892 Bug #: 52892 Summary: Require expr and %{REMOTE_USER} Product: Apache httpd-2 Version: 2.4.1 Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: mod_authz_core AssignedTo: bugs@httpd.apache.org ReportedBy: registration@blackdot.be Classification: Unclassified (May have mislabled the compenent, not sure if it is in authn_core or authz_core) What I'm trying to do: | | Require ssl-verify-client | Require valid-user | Require expr ( \ | (%{SSL_CLIENT_S_DN_O} == "Company") && \ | (%{SSL_CLIENT_S_DN_OU} == "Staff") && \ | (%{REMOTE_USER} == %{SSL_CLIENT_S_DN_CN}) \ | ) | Need valid Client Cert + Login, login needs to be the CN of the certificate. What I expect to happen: this should work What I see: %{REMOTE_USER} is empty! > The expression parser provides a number of variables of the form %{HTTP_HOST}. Note that the value of a variable may depend on the phase of the request processing in which it is evaluated. For example, an expression used in an directive is evaluated before authentication is done. Therefore, %{REMOTE_USER} will not be set in this case. It's noted in the docs it can be empty... however: | Require user hardcodeduser Works fine... the information seems to be available at this stage. So why isn't it exported. For Comepleteness: I also tried "Require user %{SSL_CLIENT_S_DN_CN}" but that didn't work... I wasn't expecting it to work though. I don't think what I'm trying to do is unreasonable, if there is a way to do it, it would be awesome. Hopefully this is really a bug and not a limitation! -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org