httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ling Ho <>
Subject [users@httpd] AuthLDAPRemoteUserAttribute Directive in mixed mod_authnz_ldap Authn and Authz setup
Date Wed, 09 May 2018 01:53:54 GMT

I am trying to get Kerberos Authentication and LDAP Authorization 
working together.

But I have a situation where some of my users have Kerberos principal 
name that are different from their LDAP uids which is used in group 
membership. Basically each users has 2 UID attributes, one is just a 
plain username, and 2nd is principal@REALM. Some of the users's 
usernames and principals  are different.

However there is a 2nd attribute in the form of UUID in a user's entry 
that is also added to the group, when a user is added to a group.

I think using AuthLDAPRemoteUserAttribute and AuthLDAPGroupAttribute 
both set to this UUID attribute will solve my problem. However if I am 
not mistaken, AuthLDAPRemoteUserAttribute is only set if LDAP is used 
for authentication (based on mod_authnz_ldap.c). I am using 
httpd-2.4.6-67.el7 that comes with Centos 7.

Is there anyway I can force AuthLDAPRemoteUserAttribute to be set when 
my AuthType is set to Kerberos?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message