perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krist van Besien" <krist.vanbes...@gmail.com>
Subject Checking for group membership in a mod perl handler.
Date Tue, 18 Sep 2007 12:53:02 GMT
Hello,

I've implemented authentication in my web server using a mod_perl
authentication handler.
I now have the following in my httpd.conf:

PerlAuthenHandler Apache2::AuthenDBMCache Apache2::AuthenMSAD
        PerlSetVar MSADDomain mydomain
Require valid-user

(The two modules I found on CPAN, and they're just right for what I needed)

This works perfectly. The authentication handler checks the username
and password, and allows or denies access.

Require user user1 user2

works fine too.

Now I want to do a bit more. I want to use:

Require group department1 department2

The problem is that I don't want to use a group file. I want to use a
perl module to check group membership. Specifically I want to check
the "department" property in our active directory, and use this to
allow or deny access.

Writing Perl code that gets this info from the AD is not the problem.
My problem is that its not clear to me how to tie this code in the
whole apache processing.

Do I need to write a PerlAuthzHandler? Or something else?

apache is 2.0.59, mod_perl is 2.0

Thanks in advance,

Krist van Besien

-- 
krist.vanbesien@gmail.com
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

Mime
View raw message