Okay, a little more tracking down revealed that handler #5 ("check if
the user is ok _here_") is never getting called when my module is being
used, but is for Basic auth. Happen to know under which circumstances
this occurs/doesn't occur? Maybe there is something else I can set to
get that mechanism called in the first place. This appears to be the
main problem I have right now, preventing me from moving forward.
on 08/30/04 15:12 David Castro wrote:
on 08/30/04 15:01 Geoffrey Young wrote:
Ooops, yeah. A follow-up email corrected "mod_authz_ldap" to
"mod_auth_ldap". Sorry 'bout that. To give a bit more detail, I am
using "mod_authz_ldap-0.22" on Apache 2 under RHAS 3.0. Went looking
through the C code of the authz module and found the function it gets
the credentials from:
char *authz_ldap_get_userdn(request_rec *r) {
    authz_ldap_config_rec *sec;
    sec = ap_get_module_config(r->per_dir_config, &authz_ldap_module);
    return sec->userdn;
}
well, close - I think it's authz_ldap_set_username but the problem is the
same...
basically, mod_authz_ldap is caching the given username in its private
stash - r->per_dir_config is generally used to refer to the httpd.conf
configuration data that applies to the current request. so, what I think is
going on here is one of the scenarios I posited before:
authz_ldap_set_username is only called in auth.c, so if you don't use
mod_authz_ldap to do your authentication then you are SOL, since it uses
its cached version of the username instead of grabbing it from one of the
standard places after authentication.
my suggestion would be to play around with the mod_auth_ldap that ships with
httpd-2.0 - it is likely to be moved from experimental in the next release
IIRC and is much more well-behaved (judging from both the authors and
conversations I've been following).
another approach is to try to play around with this module's private data.
you can use this code as an example
http://www.modperlcookbook.org/code/ch08/Cookbook-LanguagePriority-0.01.tar.gz
but I'm afraid the corresponding explanations are not online. and I haven't
(yet) proven that this approach works with 2.0, so YMMV.
Yeah, I just found that in authz_ldap_set_username too. Sigh.
Well, thanks for your help.
HTH
--Geoff
--
David Castro
Software Architect
Azusa Pacific University
"My little children, let us not love in word or in tongue,
but in deed and in truth." -- 1 Jn 3:18 (NKJ)