>> then all you should need to do is set $r->user to the authenticated >> user and >> you should be good to go. for completeness, you might also want to set >> $r->connection->auth_type to 'Basic', but that is most likely not >> required >> to get things working. >> >> > Hrmm. Yeah, this is what I had thought and tried at one point with no > luck. When I use basic auth and let mod_authz_ldap do it's thing, I get > "...basic LDAP authentication of user 'test'...", but with my auth > module (using the code above) I get "...on user '(null)' failed..." in > my logs. So, basic auth is doing something that I am not to get that > user set for the underlying authz module, I just can't figure out what > the heck it is.
well, I can't find either of those error messages in mod_auth_ldap from http://www.muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap.html on in httpd-2.0, so I'm not sure exactly where the error is coming from. one thing of interest is that in the former code they call ap_get_basic_auth_pw() from the authz phase, which is clearly wrong and will subvert the approach I outlined above. but if you can't set the Authorization header either (recipe 13.4) and have it work then I don't know. anyway, if you give me a pointer to the mod_auth_ldap code you're using I can look it over and see, but there are only a few different places where the user information can come from - $r->user directly, or from the Authorization header. well, I guess there is a third - mod_auth_ldap could assume (or require) that it is the authentication handler and instead of looking in those two places it could rely on some internal cache. in fact, this seems to be the case, as the "AuthLDAPAuthoritative" directive seems to be designed exactly for this purpose. the docs indicate that you should set it to "no" if you want to use something other than mod_auth_ldap for the authentication phase, which is what you are trying to do. so, have you set this directive and tried a the other two approaches (setting the incoming header and/or just $r->user)? --Geoff -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html
