Re: [users@httpd] mod_authnz_ldap AUTHENTICATE_* Env variables ?

Tue, 05 Feb 2008 03:27:52 -0800 

Eric Covener wrote:

On Jan 31, 2008 12:59 PM, Eric Covener <[EMAIL PROTECTED]> wrote:

On Jan 31, 2008 12:16 PM, jehan procaccia
<[EMAIL PROTECTED]> wrote:


I do enter in mod_auth_cas for authn, then authz is supposed to be
carried out from mod_authnz_ldap,

Peaking at the source, it looks like mod_authnz_ldap only sets this
when it authenticates (checks the password) for a request, and not
when it does authorization (checks a Require)




Which is vacuously true of mod_authn_dbd (emphasis on authn).  Looks
like a doc bug or a feature request :/
I confirm that I get the env variable when using pure mod_authzn_ldap config, exemple: 

<Directory /var/www/html/jehan/cgi3/>
AuthType Basic
 AuthName "calaz"
 AuthBasicProvider "ldap"
AuthLDAPUrl "ldap://calaz.int-evry.fr/dc=int-evry,dc=fr?uid,mail,cn,eduPersonAffiliation"; 
 authzldapauthoritative Off
 require valid-user

ldap logs when connecting
Feb 5 12:12:38 localhost slapd[16931]: conn=3 op=1 SRCH attr=uid mail cn eduPersonAffiliation 

printenv.pl do show among others:
AUTHENTICATE_EDUPERSONAFFILIATION --> employee
AUTHENTICATE_MAIL --> [EMAIL PROTECTED]
AUTHENTICATE_CN --> test Test
But as soon as I cascade our mod_auth_cas SSO authn module , I loose these AUTHENTICATE_* env variables :-( . 

##AuthType Basic
##  AuthName "calaz"
AuthType CAS
AuthName "CAS SSO"
AuthLDAPUrl "ldap://calaz.int-evry.fr/dc=int-evry,dc=fr?uid,mail,cn,eduPersonAffiliation"; 
 authzldapauthoritative Off
 require valid-user

I do see the ldap request:
Feb 5 12:20:07 localhost slapd[16931]: conn=5 op=1 SRCH attr=uid mail cn eduPersonAffiliation 

but attributes are not available in http env variable anymore .
Is there a way to get these variable AUTHENTICATE_* with an other authn module ? 

Thanks.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to