https://issues.apache.org/bugzilla/show_bug.cgi?id=42561
Jean-Yves Avenard <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW --- Comment #8 from Jean-Yves Avenard <[email protected]> 2010-09-07 14:40:49 EDT --- Here is a version against 2.2 correcting some bugs and issues earlier mentioned. I also added two new directives: -AuthLDAPRemoteFirstUserAttribute: By default, when using a remote user attribute, if there is more than one attributes of the same kind, mod_authnz_ldap returns as string made of all the attributes separated by a "; ". This can have some unwanted effects, for example. Apple's MacOS 10.6 Open Directory stores users and user aliases in LDAP as: dn: uid=jeanyves_avenard,cn=users,dc=m,dc=hydrix,dc=com uid: jeanyves_avenard uid: jean-yves.avenard objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: apple-user objectClass: extensibleObject objectClass: organizationalPerson objectClass: top objectClass: person remote_user attribute would therefore contain: "jeanyves_avenard; jean-yves.avenard" which is of no use. When AuthLDAPRemoteFirstUserAttribute is set, then only the first attribute will be returned. -AuthzLDAPRemoteUserAttribute: By default, the custom user attribute is only use for authentication. When AuthzLDAPRemoteUserAttribute is set, it will also be be used during authorisation. Cheers Jean-Yves Hydrix -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
