https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
Bug ID: 61990
Summary: Can't use variable with Require ldap-filter
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi,
I'm trying to allow users depending on a URI match with LDAP.
My conf is like this:
<If "%{REQUEST_URI} =~ /logs_[a-z0-9]*.[A-Z0-9]{4}/">
    SetEnvIf Request_URI "/logs_[a-z0-9]*.([A-Z0-9]*)" VAR=$1
    AuthLDAPURL ldaps://ldap-${Env}.XXXXX.com:1234/DC=XXXXX,DC=com?userPrincipalName
    AuthLDAPBindDN 'CN=reader ,OU=YYYYY,OU=YYYYY,DC=XXX,DC=XXXXX,DC=com'
    AuthLDAPBindPassword *********
    <RequireAll>
        Require valid-user
        Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXX,OU=XXXXXXXXXXXX,DC=XXXXX,DC=com
    </RequireAll>
</If>
But in the logs I get:
Jan 11 14:18:31 XXXXXXX httpd: XXXX|XXXXXXXXX|t="Thu Jan 11 14:18:31 2018" rip="XXXXXXXXXXXX" ip="-" uid="XXXXXXXXXXXX" severity="authnz_ldap:debug" v="XXXXXXXXXX" msg="AH01743: auth_ldap authorize: checking filter memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXXXX,OU=XXXXXXX,DC=XXXXX,DC=com"
I also tried to add:
Require env ROB
And this Require returns "Granted".
Just in case, in the ldap-filter condition I tried several syntaxes (even some that make no sense):
%{VAR}, ${VAR}, $VAR, %VAR, %{VAR}e, %{ENV:VAR}
The module documentation provides a similar example with ldap-group:
AuthLDAPURL ldap://ldap.example.com/o=Example?uid
Require ldap-group cn=%{SERVER_NAME}, o=Example
Is there a trick? Is it a bug?
Thanks in advance!
Regards
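
A check for the symptom shown in the log above, as an added example that is not part of the original report: it scans log lines for AH01743 entries whose filter still carries a literal %{...} or ${...} placeholder, meaning the filter was checked with the variable text left in place. The sample lines are constructed in the report's log format, and the function name is hypothetical.

```python
import re

# Message id and wording as they appear in the report's authnz_ldap debug log.
FILTER_MSG = re.compile(
    r'AH01743: auth_ldap authorize: checking filter (?P<filter>[^"]+)'
)
# Expression or variable syntax that should have been replaced by a value
# before the filter was evaluated.
PLACEHOLDER = re.compile(r'%\{[^}]*\}|\$\{[^}]*\}')


def find_unexpanded_filters(lines):
    """Return (line_number, filter, placeholders) for every AH01743 entry
    whose filter still contains literal %{...} or ${...} text."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = FILTER_MSG.search(line)
        if not match:
            continue
        ldap_filter = match.group("filter").strip()
        placeholders = PLACEHOLDER.findall(ldap_filter)
        if placeholders:
            hits.append((number, ldap_filter, placeholders))
    return hits


# Constructed sample lines (all DN components are placeholders).
SAMPLE_LOG = [
    'severity="authnz_ldap:debug" msg="AH01743: auth_ldap authorize: checking filter '
    'memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=EXAMPLE,DC=example,DC=com"',
    'severity="authnz_ldap:debug" msg="AH01743: auth_ldap authorize: checking filter '
    'memberof:1.2.840.113556.1.4.1941:=CN=AB12_unixlogs,OU=EXAMPLE,DC=example,DC=com"',
    'severity="core:info" msg="unrelated line"',
]

if __name__ == "__main__":
    for number, ldap_filter, placeholders in find_unexpanded_filters(SAMPLE_LOG):
        print(f"line {number}: unexpanded {placeholders} in filter {ldap_filter}")
```

The AH01743 message is only written at the authnz_ldap debug level seen in the report, so the scan finds nothing at a lower log level.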