Hi, mod_authnz_ldap will put the attributes from the AuthLdapUrl in the request environmental variables if ldap is the authentication source. However, if mod_authnz_ldap is only providing Authorization and another module is the authentication source, the attributes are not available as request variables.
I have a suggestion for a patch based on the httpd package distributes with RHEL5 which is httpd-2.2.3. The patch is simple in that it does in the authz function what is done in the authn function. This is very useful to me and I'm sure others who are writing applications that run in enterprises where ldap is a public service. I've attached the patch for mod_authnz_ldap.c , but it is also available here https://weblion.psu.edu/trac/weblion/changeset?format=diff&new=11300&old=11294&new_path=users%2Fkjk137%2Fmod_authnz_ldap&old_path=users%2Fkjk137%2Fmod_authnz_ldap . -Kevin
Index: users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c =================================================================== --- users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c (revision 11294) +++ users/kjk137/mod_authnz_ldap/mod_authnz_ldap.c (revision 11300) @@ -581,6 +581,27 @@ req->dn = apr_pstrdup(r->pool, dn); req->user = r->user; - } - + + } + /* add environment variables */ + /* if (sec->attributes && vals) { */ + apr_table_t *e = r->subprocess_env; + int i = 0; + while (sec->attributes[i]) { + char *str = apr_pstrcat(r->pool, "AUTHENTICATE_", sec->attributes[i], NULL); + int j = 13; + while (str[j]) { + if (str[j] >= 'a' && str[j] <= 'z') { + str[j] = str[j] - ('a' - 'A'); + } + j++; + } + apr_table_setn(e, str, vals[i]); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%" APR_PID_T_FMT "] auth_ldap authorise: accepting %s", getpid(), str ); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "[%" APR_PID_T_FMT "] auth_ldap authorise: accepting %s", getpid(), vals[i] ); + i++; + } + /* Loop through the requirements array until there's no elements * left, or something causes a return from inside the loop */