I don't know if you can do exactly what you want but you could use the RequireAll directive so a user has to pass more than one requirement to be successfuly authenticated.
On Wed, May 9, 2018, 04:54 Ling Ho <[email protected]> wrote: > Hello, > > I am trying to get Kerberos Authentication and LDAP Authorization > working together. > > But I have a situation where some of my users have Kerberos principal > name that are different from their LDAP uids which is used in group > membership. Basically each users has 2 UID attributes, one is just a > plain username, and 2nd is principal@REALM. Some of the users's > usernames and principals are different. > > However there is a 2nd attribute in the form of UUID in a user's entry > that is also added to the group, when a user is added to a group. > > I think using AuthLDAPRemoteUserAttribute and AuthLDAPGroupAttribute > both set to this UUID attribute will solve my problem. However if I am > not mistaken, AuthLDAPRemoteUserAttribute is only set if LDAP is used > for authentication (based on mod_authnz_ldap.c). I am using > httpd-2.4.6-67.el7 that comes with Centos 7. > > Is there anyway I can force AuthLDAPRemoteUserAttribute to be set when > my AuthType is set to Kerberos? > > Thanks, > ... > ling > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
