httpd-users mailing list archives

From "Dmitri Colebatch" <...@colebatch.com>
Subject [users@httpd] hack to provide "single username/password store" appearance to another app
Date Thu, 26 Apr 2007 04:08:10 GMT
Hi all,

I've been asked to provide a proxy that authenticates users against
our LDAP tree, and then proxies their requests to an external system
that requires a different password (for the same user).  I can do this
with a hardcoded username/password for the external system like this:

                AuthType Basic
                AuthName "LDAP Authentication"
                AuthLDAPURL ldap://ldap/o=users?cn?sub?(objectclass=Person)
                AuthLDAPBindDN ldap-admin-user
                AuthLDAPBindPassword ldap-admin-pass
                require valid-user

                SetEnv OurAuthHeader "Basic VDEyNjcwOnM5MzdDMQ=="

                RequestHeader set Authorization "%{OurAuthHeader}e"

                ProxyPass http://other-system/
                ProxyPassReverse http://other-system/

But what I would like to do is write something to set the value of
OurAuthHeader based on the currently logged-in user (i.e. look up the
current user's password for the external system and generate an auth
header based on that).

I've tried doing this with a filter, but can't even get a basic filter working:

        PerlModule Apache::AuthFilter
        PerlInputFilterHandler Apache::AuthFilter

with the AuthFilter.pm:

        sub handler : FilterConnectionHandler {
                print STDERR "test\n";
                Apache::Const::OK;
        }
        1;

This just drops the connection as soon as I make the request.
Obviously the above does nothing; I would like to change it to replace
the hardcoded "OurAuthHeader" value.

I've been looking at http://modperlbook.org/html/ch25_03.html and
trying to learn what I can, but am not having much luck.  I'm also
restricted to mod_perl 1.99 which rules out a couple of other options
I've found.  Does anyone have any suggestions for me?

cheers,
dim

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
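
The per-user mapping asked about in the message above, as an added example in plain Perl (not part of the original message, and not Apache or mod_perl code). The store `%BACKEND_CRED`, the functions `upstream_auth_header` and `decode_basic`, and all credentials are hypothetical and constructed; hooking the result into a request handler is outside what this block shows.

```perl
#!/usr/bin/perl
# Added example: map an already-authenticated front-end user to the
# Authorization header sent to the back end. All names are hypothetical.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample store: front-end user => [back-end user, back-end password].
# A real store would be a root-only file or a secrets service, not source code.
my %BACKEND_CRED = (
    alice => [ 'alice', 'constructed-pw-1' ],
    bob   => [ 'bob',   'constructed-pw-2' ],
);

# Returns the header value, or undef when the request must be refused.
sub upstream_auth_header {
    my ($remote_user, $store) = @_;
    return unless defined $remote_user && length $remote_user;
    my $cred = $store->{$remote_user} or return;    # fail closed: no mapping
    my ($user, $pass) = @$cred;
    # RFC 7617: the user-id cannot contain ':'; neither field may contain
    # control characters (CR/LF here would allow header injection).
    return if $user =~ /:/;
    return if "$user$pass" =~ /[\x00-\x1f\x7f]/;
    # Second argument '' suppresses the trailing newline encode_base64 adds.
    return 'Basic ' . encode_base64("$user:$pass", '');
}

# Base64 is an encoding, not protection: any header value decodes directly.
sub decode_basic {
    my ($header) = @_;
    return unless defined $header;
    my ($b64) = $header =~ /^Basic\s+([A-Za-z0-9+\/=]+)$/ or return;
    return split /:/, decode_base64($b64), 2;
}

for my $name (qw(alice mallory)) {
    my $h = upstream_auth_header($name, \%BACKEND_CRED);
    print defined $h ? "$name -> $h\n" : "$name -> refused (no back-end mapping)\n";
}
my ($u, $p) = decode_basic(upstream_auth_header('bob', \%BACKEND_CRED));
print "decoded: user=$u password=$p\n";
```

Because the header decodes back to the clear-text password, both the credential store and any configuration or log that records the header need the same access controls as the passwords themselves, and the proxy-to-back-end hop should not run over plain HTTP.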

