mod_authnz_ldap.c: Make sure the authentication variables are set in
all cases where another module is the source of the authentication,
and that the authenticated user is looked up in LDAP.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1909928 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/CHANGES b/CHANGES
index cf802ca..b96efd7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_authnz_ldap.c: Make sure the authentication variables are set in
+     all cases where another module is the source of the authentication,
+     and that authenticated user is looked up in LDAP. [Graham Leggett]
+
   *) mod_autht_jwt: New module to handle RFC 7519 JWT tokens within
      bearer tokens, both as part of the aaa framework, and as a way to
      generate tokens and pass them to backend servers and services.
diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index a335362..2de813f 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -688,6 +688,7 @@
     authn_ldap_config_t *sec =
         (authn_ldap_config_t *)ap_get_module_config(r->per_dir_config, &authnz_ldap_module);
     const char *dn = NULL;
+    int remote_user_attribute_set = 0;
 
     /* Build the username filter */
     if (APR_SUCCESS != authn_ldap_build_filter(filtbuf, r, r->user, NULL, sec)) {
@@ -710,6 +711,21 @@
 
     req->dn = apr_pstrdup(r->pool, dn);
     req->user = r->user;
+
+    /* add environment variables */
+    remote_user_attribute_set = set_request_vars(r, LDAP_AUTHN, req->vals);
+
+    /* sanity check */
+    if (sec->remote_user_attribute && !remote_user_attribute_set) {
+        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10450)
+                  "auth_ldap non-ldap authenticate: "
+                  "REMOTE_USER was to be set with attribute '%s', "
+                  "but this attribute was not requested for in the "
+                  "LDAP query for the user. REMOTE_USER will fall "
+                  "back to username or DN as appropriate.",
+                  sec->remote_user_attribute);
+    }
+
     return AUTHZ_GRANTED;
 }
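Review bot: The comment `/* add environment variables */` understates the added `set_request_vars(r, LDAP_AUTHN, req->vals)` call: judging by its return value and the warning text it can also replace REMOTE_USER with the configured attribute, and it runs after `req->user = r->user;`, so `req->user` keeps the name supplied by the other authentication module while `r->user` may change. When the attribute is not found, the block only logs at warning level and still returns `AUTHZ_GRANTED`, so an application that trusts REMOTE_USER to hold the mapped attribute receives the fallback username or DN instead. I would state both facts in the comment, for example `/* Export LDAP attributes to the environment; with LDAP_AUTHN this may also replace r->user, while req->user keeps the name set above. A missing remote_user_attribute is logged, not denied. */`. `req->vals` is filled by a lookup outside this hunk, so it is worth confirming that the lookup requests the configured attributes; otherwise the warning would fire on every request that takes this path. The enclosing function begins outside the hunk and `set_request_vars` is defined elsewhere in the file.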