on 08/30/04 15:01 Geoffrey Young wrote:
Ooops, yeah. A follow-up email corrected "mod_authz_ldap" to
"mod_auth_ldap". Sorry 'bout that. To give a bit more detail, I am
using "mod_authz_ldap-0.22" on Apache 2 under RHAS 3.0. Went looking
through the C code of the authz module and found the function it gets
the credentials from:
char *authz_ldap_get_userdn(request_rec *r) {
authz_ldap_config_rec *sec;
sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module);
return sec->userdn;
}
well, close - I think it's authz_ldap_set_username but the problem is the
same...
basically, mod_authz_ldap is caching the given username in it's private
stash - r->per_dir_config is generally used to refer to the httpd.conf
configuration data that applies to the current request. so, what I think is
going on here is one of the scenarios I posited before:
authz_ldap_set_username is only called in auth.c, so if you don't use
mod_authz_ldap to do your authentication then you are SOL, since it uses
it's cached version of the username instead of grabbing it from one of the
standard places after authentication.
my suggestion would be to play around with the mod_auth_ldap that ships with
httpd-2.0 - it is likely to be moved from experimental in the next release
IIRC and is much more well-behaved (judging from both the authors and
conversations I've been following).
another approach is to try to play around with this module's private data.
you can use this code as an example
http://www.modperlcookbook.org/code/ch08/Cookbook-LanguagePriority-0.01.tar.gz
but I'm afraid the corresponding explanations are not online. and I haven't
(yet) proven that this approach works with 2.0, so YMMV.
Yeah, I just found that in authz_ldap_set_username too. Sigh.
Well, thanks for your help.
HTH
--Geoff
--
David Castro
Software Architect
Azusa Pacific University
"My little children, let us not love in word or in tongue,
but in deed and in truth." -- 1 Jn 3:18 (NKJ)
|
