Hi,
mod_authnz_ldap will put the attributes from the AuthLdapUrl in the
request environmental variables if ldap is the authentication source.
However, if mod_authnz_ldap is only providing Authorization and another
module is the authentication source, the attributes are not available as
request variables.
I have a suggestion for a patch based on the httpd package distributes
with RHEL5 which is httpd-2.2.3.
The patch is simple in that it does in the authz function what is done
in the authn function. This is very useful to me and I'm sure others
who are writing applications that run in enterprises where ldap is a
public service.
I've attached the patch for mod_authnz_ldap.c , but it is also
available here
https://weblion.psu.edu/trac/weblion/changeset?format=diff&new=11300&old=11294&new_path=users%2Fkjk137%2Fmod_authnz_ldap&old_path=users%2Fkjk137%2Fmod_authnz_ldap
.
-Kevin
Index: users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c
===================================================================
--- users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c (revision 11294)
+++ users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c (revision 11300)
@@ -581,6 +581,27 @@
req->dn = apr_pstrdup(r->pool, dn);
req->user = r->user;
- }
-
+
+ }
+ /* add environment variables */
+ /* if (sec->attributes && vals) { */
+ apr_table_t *e = r->subprocess_env;
+ int i = 0;
+ while (sec->attributes[i]) {
+ char *str = apr_pstrcat(r->pool, "AUTHENTICATE_",
sec->attributes[i], NULL);
+ int j = 13;
+ while (str[j]) {
+ if (str[j] >= 'a' && str[j] <= 'z') {
+ str[j] = str[j] - ('a' - 'A');
+ }
+ j++;
+ }
+ apr_table_setn(e, str, vals[i]);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[%" APR_PID_T_FMT "] auth_ldap authorise: accepting %s",
getpid(), str );
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "[%" APR_PID_T_FMT "] auth_ldap authorise: accepting %s",
getpid(), vals[i] );
+ i++;
+ }
+
/* Loop through the requirements array until there's no elements
* left, or something causes a return from inside the loop */
