https://bz.apache.org/bugzilla/show_bug.cgi?id=65945
Eric Covener <covener@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Eric Covener <covener@gmail.com> ---
Can you clarify, do you mean "if httpd found the user in an ldap-group, set an
environment variable" listing the 1 group used? Even this could be tricky with
RequireAny, negated checks, etc.
I don't think there is a good/standard Apache can convey "all groups for
current user" because the the standard LDAP mechanism (like the schema you
describe) gives you a way to check only whether a given user is in a specific
given group. There is no standard interface for returning all groups of a given
user.
I am aware that some LDAP servers provide a "magic" attributes that retrieves
group memberships if they use the standard group schema -- such as
ibm-allGroups for IBM Security Directory Server.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
Eric Covener <covener@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Eric Covener <covener@gmail.com> ---
Can you clarify, do you mean "if httpd found the user in an ldap-group, set an
environment variable" listing the 1 group used? Even this could be tricky with
RequireAny, negated checks, etc.
I don't think there is a good/standard Apache can convey "all groups for
current user" because the the standard LDAP mechanism (like the schema you
describe) gives you a way to check only whether a given user is in a specific
given group. There is no standard interface for returning all groups of a given
user.
I am aware that some LDAP servers provide a "magic" attributes that retrieves
group memberships if they use the standard group schema -- such as
ibm-allGroups for IBM Security Directory Server.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org