-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_authnz_ldap.c: Make sure the authentication variables are set in
+ all cases where another module is the source of the authentication,
+ and that authenticated user is looked up in LDAP. [Graham Leggett]
+
*) mod_autht_jwt: New module to handle RFC 7519 JWT tokens within
bearer tokens, both as part of the aaa framework, and as a way to
generate tokens and pass them to backend servers and services.
authn_ldap_config_t *sec =
(authn_ldap_config_t *)ap_get_module_config(r->per_dir_config, &authnz_ldap_module);
const char *dn = NULL;
+ int remote_user_attribute_set = 0;
/* Build the username filter */
if (APR_SUCCESS != authn_ldap_build_filter(filtbuf, r, r->user, NULL, sec)) {
req->dn = apr_pstrdup(r->pool, dn);
req->user = r->user;
+
+ /* add environment variables */
+ remote_user_attribute_set = set_request_vars(r, LDAP_AUTHN, req->vals);
+
+ /* sanity check */
+ if (sec->remote_user_attribute && !remote_user_attribute_set) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10450)
+ "auth_ldap non-ldap authenticate: "
+ "REMOTE_USER was to be set with attribute '%s', "
+ "but this attribute was not requested for in the "
+ "LDAP query for the user. REMOTE_USER will fall "
+ "back to username or DN as appropriate.",
+ sec->remote_user_attribute);
+ }
+
return AUTHZ_GRANTED;
}