Feature #1248

Allow User-DN to be supplied in the configuration rather than searching

Added by Anonymous over 9 years ago. Updated 6 months ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: mod_auth
Target version: -
Start date:
Due date:
% Done: 100%
Missing in 1.5.x:

Description

Right now, every connection requires an anonymous (or bound) connection used to search the user-dn. Rather than searching for the user-dn, it should be possible to define the user-dn in the configuration file.

-- douglas

lighttpd.ldap.userdn.patch - Resolution for the enhancement. In addition, I have changed the hack limiting the username to alphanums, and instead correctly escape unallowed characters in the username (permitting usernames like user@company.com) -- douglas (13.4 KB) Anonymous, 2007-06-27 14:50

lighttpd.ldap.userdn.2.patch - I've updated the patch to still use the filter when using a userdn -- douglas (16.3 KB) Anonymous, 2007-06-28 10:06

lighttpd_trunk.ldap.userdn.patch - The above patch is against the 1.4.x branch, this is the same patch applied to the trunk, adjusting for the one blocking change -- douglas (14.9 KB) Anonymous, 2007-06-28 12:55

lighttpd-ldap-deref.patch - adds dereference option (5.12 KB) deepunix, 2007-08-18 15:42

Associated revisions

Revision 8b282db1 (diff)
Added by gstrauss 6 months ago

[mod_auth] permit specifying ldap DN; skip search (fixes #1248)

If auth.backend.ldap.filter begins with ',', then concatenate
uid=<username> with the 'filter' value to form the DN instead of using
ldap_search to query LDAP for the DN for the username, applying the
provided filter.

x-ref:
"Allow User-DN to be supplied in the configuration rather than searching"
https://redmine.lighttpd.net/issues/1248
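
The DN construction described in the commit message above, as an added example that is not lighttpd's code or any patch attached to this ticket. The helper name `build_user_dn`, the sample suffix, and the choices to escape the username per RFC 4514 and to reject control characters are assumptions of this example; without escaping, a ',' or '=' in the username would change which entry the bind targets.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not lighttpd code; build_user_dn() is a hypothetical helper.
 * Forms "uid=<username><suffix>", where suffix is the configured filter
 * value that begins with ','. Returns the DN length, or -1 on bad input
 * or if the output buffer is too small. */
static int build_user_dn(const char *user, const char *suffix,
                         char *out, size_t outsz)
{
    static const char special[] = "\"+,;<>\\="; /* escaped with '\' (RFC 4514) */
    size_t ulen = strlen(user), slen = strlen(suffix), o = 4;

    if (ulen == 0 || suffix[0] != ',') return -1;
    if (outsz < 4 + slen + 1) return -1;
    memcpy(out, "uid=", 4);

    for (size_t i = 0; i < ulen; i++) {
        char c = user[i];
        if ((unsigned char)c < 0x20) return -1; /* assumption: reject controls */
        int esc = strchr(special, c) != NULL
               || (i == 0 && (c == ' ' || c == '#'))  /* leading space or '#' */
               || (i == ulen - 1 && c == ' ');        /* trailing space */
        /* keep room for this character, the suffix and the NUL */
        if (o + (esc ? 2u : 1u) + slen + 1 > outsz) return -1;
        if (esc) out[o++] = '\\';
        out[o++] = c;
    }
    memcpy(out + o, suffix, slen + 1);
    return (int)(o + slen);
}

int main(void)
{
    /* constructed sample values */
    const char *suffix = ",ou=people,dc=example,dc=org";
    const char *users[] = { "user@company.com", "x,ou=admins" };
    char dn[128];

    for (size_t i = 0; i < 2; i++)
        if (build_user_dn(users[i], suffix, dn, sizeof dn) > 0)
            printf("%s\n", dn);
    return 0;
}
```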

History

#1 Updated by Anonymous over 9 years ago

I'm not sure if it was clear from reading my comments, but the first two patches (the first of which can be ignored) are against the 1.4.x branch. The third and final patch is against the trunk.

-- douglas

#2 Updated by deepunix over 9 years ago

This ticket would be a good place for adding patches to mod_auth's ldap code ;)

Here is my patch against 1.4.16 that adds the possibility to set the dereference option. The option is set every time a user is authenticating. It works, but needs some testing.

It's enabled by adding the following line to the config file:


auth.backend.ldap.deref  = "always"  # can be always, find, search or never

Douglas, maybe you could integrate this into your patch? :)

#3 Updated by gstrauss 8 months ago

  • Assignee deleted (jan)

#4 Updated by gstrauss 8 months ago

  • Target version deleted (1.5.0)

#5 Updated by gstrauss 6 months ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still interest in allowing User-DN to be supplied in the configuration rather than searching?

Separately, is there interest in deepunix's dereference option (which was inappropriately posted to this ticket)?

#6 Updated by gstrauss 6 months ago

Perhaps a specially-formatted auth.backend.ldap.filter that begins with ',' could indicate that there is no need for a query and to simply concatenate uid=<username> to the 'filter' to form the DN.

#7 Updated by gstrauss 6 months ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
