You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Markus Moeller <hu...@moeller.plus.com> on 2009/02/28 17:42:24 UTC
[users@httpd] mod_authnz_ldap question
Has anybody a sample configuration for mod_auth_kerb or mod_auth_gss with
mod_authnz_ldap ?
I'd like to authenticate the user with GSSAPI/SPNEGO and then authorize with
ldap groups. The problem I see in my case is that the username has the realm
(e.g. user@mydomain.com), but my ldap uid does not. Is there a generic way
of mapping usernames or a specific option in mod_authnz_ldap to cut off the
@mydomain.com part ?
Thank you
Markus
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_authnz_ldap question
Posted by Eric Covener <co...@gmail.com>.
On Sat, Feb 28, 2009 at 11:42 AM, Markus Moeller
<hu...@moeller.plus.com> wrote:
> Has anybody a sample configuration for mod_auth_kerb or mod_auth_gss with
> mod_authnz_ldap ?
>
> I'd like to authenticate the user with GSSAPI/SPNEGO and then authorize with
> ldap groups. The problem I see in my case is that the username has the realm
> (e.g. user@mydomain.com), but my ldap uid does not. Is there a generic way
> of mapping usernames or a specific option in mod_authnz_ldap to cut off the
> @mydomain.com part ?
Do you have any other attribute in your ldap that has the very same
user@mydomain.com value?
I am not aware of any way to transform the username before LDAP sees it.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org