httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arnaud Lesueur" <>
Subject [users@httpd] Apache 2.2.8 + mod_authnz_ldap + mod_header/env variables
Date Mon, 19 May 2008 14:55:02 GMT
Hi folks,

I'm currently using mod_authnz_ldap to process authentication and
authorization on LDAP back-end on Apache 2.2.8. This part is doing
it's work

This authentication is placed in front of a mod_proxy_http in reverse
proxy mode.

I would like to pass user informations to backend applications.

In the documentation :
We saw that environment variable AUTHENTICATE_* are populated with
ldap attributes.

I've successfully check this part on a local PHP application. I can
get my variable.
Now, I'd like to push thoses variables in the HTTP header using this

RequestHeader set MAIL "%{MAIL}e
The header stills empty (not null but empty).

I've also tried with REMOTE_USER to do the same thing. This is also
not working while for REMOTE_USER is it working when using
mod_auth_basic or even with REMOTE_ADDR.

My interpretation is that my directives (SetEnvIf and RequestHeader)
are being executed before the authentication/authorization process. Is
it true ? Can we force the order ?

Or is there any other way to push REMOTE_USER / AUTHENTICATE_* in the
HTTP headers for this module ?

Here is my configuration used :

AuthLDAPURL ldap://,dc=fr?uid,sn,cn,mail?sub?(title=UF)

AuthType Basic
AuthName "secure"
AuthBasicProvider ldap
AuthLDAPBindDN "cn=Directory Manager"
AuthLDAPBindPassword password
AuthLDAPRemoteUserIsDN on
AuthzLDAPAuthoritative on
Require ldap-group cn=mygroup,dc=domain,dc=fr

RequestHeader set USER "%{USER}e"

RequestHeader set MAIL "%{MAIL}e"

ProxyPass http://localhost:8080/stub/
ProxyPassReverse http://localhost:8080/stub/


Arnaud Lesueur


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message