Posted to bugs@httpd.apache.org by bu...@apache.org on 2018/01/11 16:05:52 UTC
[Bug 61990] New: Can't use variable with Require ldap-filter
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
Bug ID: 61990
Summary: Can't use variable with Require ldap-filter
Product: Apache httpd-2
Version: 2.4.6
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_authnz_ldap
Assignee: bugs@httpd.apache.org
Reporter: arthur.garnier@externe.e-i.com
Target Milestone: ---
Hi,
I'm trying to allow users depending on a URI match with LDAP.
My conf is like this:
<If "%{REQUEST_URI} =~ /logs_[a-z0-9]*.[A-Z0-9]{4}/">
  SetEnvIf Request_URI "/logs_[a-z0-9]*.([A-Z0-9]*)" VAR=$1
  AuthLDAPURL ldaps://ldap-${Env}.XXXXX.com:1234/DC=XXXXX,DC=com?userPrincipalName
  AuthLDAPBindDN 'CN=reader ,OU=YYYYY,OU=YYYYY,DC=XXX,DC=XXXXX,DC=com'
  AuthLDAPBindPassword *********
  <RequireAll>
    Require valid-user
    Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXX,OU=XXXXXXXXXXXX,DC=XXXXX,DC=com
  </RequireAll>
</If>
But in the logs I get:
Jan 11 14:18:31 XXXXXXX httpd: XXXX|XXXXXXXXX|t="Thu Jan 11 14:18:31 2018" rip="XXXXXXXXXXXX" ip="-" uid="XXXXXXXXXXXX" severity="authnz_ldap:debug" v="XXXXXXXXXX" msg="AH01743: auth_ldap authorize: checking filter memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXXXX,OU=XXXXXXX,DC=XXXXX,DC=com"
I also tried to add:
Require env ROB
And this Require returns "Granted"
Just in case, in the ldap-filter condition I tried several syntaxes (even some
that make no sense):
%{VAR}, ${VAR}, $VAR, %VAR, %{VAR}e, %{ENV:VAR}
The module documentation provides a similar example with ldap-group:
AuthLDAPURL ldap://ldap.example.com/o=Example?uid
Require ldap-group cn=%{SERVER_NAME}, o=Example
Is there a trick? Is it a bug?
Thanks in advance!
Regards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
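An added check, not part of the original report: it runs the two regular expressions from the posted configuration over constructed URIs to show which value would reach the group DN once the variable is expanded. `STRICT_PATTERN` and the helper names are assumptions introduced here; Python's `re` is used in place of Apache's PCRE, which treats these simple patterns the same way.

```python
import re

# Patterns copied from the configuration in the report.
IF_PATTERN = re.compile(r"/logs_[a-z0-9]*.[A-Z0-9]{4}")        # <If> condition
SETENVIF_PATTERN = re.compile(r"/logs_[a-z0-9]*.([A-Z0-9]*)")  # SetEnvIf capture

# Hypothetical tightened pattern (assumption, not from the report):
# literal dot, exactly four characters, anchored at both ends.
STRICT_PATTERN = re.compile(r"^/logs_[a-z0-9]+\.([A-Z0-9]{4})$")

# Leading RDN of the group DN used in the reported ldap-filter.
GROUP_TEMPLATE = "CN={var}_unixlogs"

# Constructed sample request URIs.
SAMPLE_URIS = [
    "/logs_app.AB12",       # the intended shape
    "/logs_app.AB12EXTRA",  # <If> accepts 4 chars, SetEnvIf captures all 9
    "/logs_app1ABCD",       # no dot at all: "." matches any character
    "/logs_app.ab",         # rejected by the <If> condition
]


def report_config(uri):
    """Group RDN the reported patterns would yield for uri, or None."""
    if not IF_PATTERN.search(uri):
        return None
    match = SETENVIF_PATTERN.search(uri)
    return GROUP_TEMPLATE.format(var=match.group(1)) if match else None


def strict_config(uri):
    """Group RDN under the tightened pattern, or None if the URI is rejected."""
    match = STRICT_PATTERN.search(uri)
    return GROUP_TEMPLATE.format(var=match.group(1)) if match else None


def compare(uris=SAMPLE_URIS):
    """Return (uri, reported result, strict result) for each sample URI."""
    return [(uri, report_config(uri), strict_config(uri)) for uri in uris]


if __name__ == "__main__":
    for uri, reported, strict in compare():
        print(f"{uri:22} reported={reported!s:22} strict={strict}")
```

The `<If>` condition and the `SetEnvIf` capture can disagree about what was validated, so the value placed in the filter is best taken from a single anchored pattern.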
[Bug 61990] Can't use variable with Require ldap-filter
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #4 from Eric Covener <co...@gmail.com> ---
I'd suggest filing a bug with RedHat, with your package version, because we
don't even know what code you have.
[Bug 61990] Can't use variable with Require ldap-filter
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
arthur.garnier@externe.e-i.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW
--- Comment #3 from arthur.garnier@externe.e-i.com ---
Unfortunately no, I'm stuck with this version, we only have RedHat distros...
[Bug 61990] Can't use variable with Require ldap-filter
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
Status|NEW |NEEDINFO
--- Comment #2 from Eric Covener <co...@gmail.com> ---
Can you try on a "real" and recent 2.4.x release and not 2.4.6 (presumably w/
years of redhat fixes?). The code appears to be there.
[Bug 61990] Can't use variable with Require ldap-filter
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
--- Comment #1 from arthur.garnier@externe.e-i.com ---
Just in addition, I have some restrictions and I have to do all this stuff in
.htaccess
[Bug 61990] Can't use variable with Require ldap-filter
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61990
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|enhancement |normal