You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/10/27 07:18:53 UTC

DO NOT REPLY [Bug 31913] New: - Authorization against attributes

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31913>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31913

Authorization against attributes

           Summary: Authorization against attributes
           Product: Apache httpd-2.0
           Version: 2.1-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Other
         Component: mod_auth_ldap
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: rmorgan@pobox.com


Auth ldap currently does not allow for filter type expressions for
authorization.  This would be a big help for those who want to
authorize against a given user attribute without needing to modify
the directory to create a group.

For example, a record like:

dn: Ryan Morgan, ou=Development, ou=People, o=Covalent, c=US
..
..
employeeStatus: active

Authorization to a given area could be granted using:

AuthLDAPUrl ldap://...
require ldap-attribute employeeStatus=active

The attached patch implements this functionality.  Any number
of name=value pairs can be specified on the require line. (Just as
with require ldap-user).

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org