httpd-users mailing list archives

From Alexandru Duzsardi <alexandru.duzsa...@pitechnologies.ro>
Subject Re: [users@httpd] AuthLDAPRemoteUserAttribute Directive in mixed mod_authnz_ldap Authn and Authz setup
Date Wed, 09 May 2018 05:52:18 GMT
I don't know if you can do exactly what you want but you could use the
RequireAll directive so a user has to pass more than one requirement to be
successfully authenticated.

On Wed, May 9, 2018, 04:54 Ling Ho <ling@aliko.com> wrote:

> Hello,
>
> I am trying to get Kerberos Authentication and LDAP Authorization
> working together.
>
> But I have a situation where some of my users have Kerberos principal
> names that are different from their LDAP uids, which are used in group
> membership. Basically each user has 2 UID attributes, one is just a
> plain username, and 2nd is principal@REALM. Some of the users'
> usernames and principals are different.
>
> However there is a 2nd attribute in the form of UUID in a user's entry
> that is also added to the group, when a user is added to a group.
>
> I think using AuthLDAPRemoteUserAttribute and AuthLDAPGroupAttribute
> both set to this UUID attribute will solve my problem. However if I am
> not mistaken, AuthLDAPRemoteUserAttribute is only set if LDAP is used
> for authentication (based on mod_authnz_ldap.c). I am using
> httpd-2.4.6-67.el7 that comes with CentOS 7.
>
> Is there any way I can force AuthLDAPRemoteUserAttribute to be set when
> my AuthType is set to Kerberos?
>
> Thanks,
> ...
> ling
