https://bz.apache.org/bugzilla/show_bug.cgi?id=65945
Bug ID: 65945
Summary: Enhance mod_authnz_ldap to set attribute with group
memberships
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_authnz_ldap
Assignee: bugs@httpd.apache.org
Reporter: christopher.l...@icloud.com
Target Milestone: ---
Please extend mod_authnz_ldap to set a computed/generated attribute with the
LDAP group information of the current requests user.
I was successful in configuring the module to set environment variables from
the user's LDAP entry such as uid ("AUTHORIZE_uid") and cn ("AUTHORIIZE_cn") as
documented here:
https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#exposed
However I cannot find any attribute that holds the list of group memberships.
I tried the attributes member, uniqueMember and memberof; none seem to be set
by mod_authnz_ldap.
I think we're using a simple & standard LDAP group. It's defined with
"objectClass: groupOfUniqueNames", a dn and cn, plus a list of uniqueMember
items that name our users.
I'm not the only one who would like this :) here are other people asking for
this same capability:
https://stackoverflow.com/questions/53496804/exposing-group-information-with-mod-authnz-ldap
https://serverfault.com/questions/732107/can-apache-expose-the-ldap-group-used-to-authenticate-to-a-php-application#
Thanks for considering it!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
