From: Ryan Morgan
To: dev@httpd.apache.org
Subject: Ldap Authorization
Date: Tue, 26 Oct 2004 17:12:04 -0700

Hey all,

The mod_authnz_ldap documentation states that authorization schemes can be set up using LDAP filters. From looking at the source, that doesn't appear to be the case. (Authentication uses filters, but the authorization phase does not.) I think that type of feature could be useful though.

I was thinking of adding an additional directive 'require ldap-attribute name=value'. I have a patch available if the group likes the idea.

Thoughts?

-Ryan