[Bug 65945] New: Enhance mod_authnz_ldap to set attribute with group memberships
https://bz.apache.org/bugzilla/show_bug.cgi?id=65945

Bug ID: 65945
Summary: Enhance mod_authnz_ldap to set attribute with group memberships
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_authnz_ldap
Assignee: bugs@httpd.apache.org
Reporter: christopher.lott@icloud.com
Target Milestone: ---

Please extend mod_authnz_ldap to set a computed/generated attribute with the
LDAP group information of the current request's user.

I was successful in configuring the module to set environment variables from
the user's LDAP entry such as uid ("AUTHORIZE_uid") and cn ("AUTHORIZE_cn") as
documented here:
https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#exposed

However, I cannot find any attribute that holds the list of group memberships.
I tried the attributes member, uniqueMember and memberof; none seem to be set
by mod_authnz_ldap.

I think we're using a simple & standard LDAP group. It's defined with
"objectClass: groupOfUniqueNames", a dn and cn, plus a list of uniqueMember
items that name our users.

I'm not the only one who would like this :) here are other people asking for
this same capability:

https://stackoverflow.com/questions/53496804/exposing-group-information-with-mod-authnz-ldap

https://serverfault.com/questions/732107/can-apache-expose-the-ldap-group-used-to-authenticate-to-a-php-application#

Thanks for considering it!

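With a groupOfUniqueNames layout like the one described in the report, the uniqueMember values are stored on the group entries, so a user's group list has to be computed by a reverse lookup rather than read from the user's own entry. The sketch below is an added example, not part of the original report and not mod_authnz_ldap code; the LDIF data, DNs and function names are constructed for illustration, and the parser handles only plain `attr: value` lines.

```python
# Constructed sample directory: two groupOfUniqueNames entries and one user.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: uid=alice,ou=people,dc=example,dc=org
uniqueMember: uid=bob,ou=people,dc=example,dc=org

dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: groupOfUniqueNames
cn: staff
uniqueMember: UID=Alice, OU=People, DC=example, DC=org

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
"""

def parse_ldif(text):
    """Parse plain 'attr: value' records into dicts of lower-cased attr -> values."""
    entries = []
    for record in text.strip().split("\n\n"):
        entry = {}
        for line in record.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def normalize_dn(dn):
    """Simplified DN comparison key: lower-cased, trimmed RDNs (no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_of(user_dn, entries):
    """Reverse lookup: cn of every groupOfUniqueNames entry that lists user_dn."""
    wanted = normalize_dn(user_dn)
    found = []
    for entry in entries:
        classes = [c.lower() for c in entry.get("objectclass", [])]
        members = {normalize_dn(m) for m in entry.get("uniquemember", [])}
        if "groupofuniquenames" in classes and wanted in members:
            found.extend(entry.get("cn", []))
    return sorted(found)

ENTRIES = parse_ldif(SAMPLE_LDIF)
ALICE = "uid=alice,ou=people,dc=example,dc=org"  # constructed user DN
print(groups_of(ALICE, ENTRIES))
```

The second group stores the member DN with different case and spacing, which is why the comparison goes through `normalize_dn` instead of a raw string match.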