Feature #1248

Allow User-DN to be supplied in the configuration rather than searching

Added by Anonymous over 10 years ago. Updated about 1 year ago.

Status: Fixed
Priority: Normal
Assignee: -
Category: mod_auth
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Missing in 1.5.x:

Description

Right now, every connection requires an anonymous (or bound) connection used to search the user-dn. Rather than searching for the user-dn, it should be possible to define the user-dn in the configuration file.

-- douglas

lighttpd.ldap.userdn.patch (13.4 KB): Resolution for the enhancement. In addition, I have changed the hack limiting the username to alphanums, and instead correctly escape unallowed characters in the username (permitting usernames like user@company.com) -- douglas (Anonymous, 2007-06-27 14:50)
lighttpd.ldap.userdn.2.patch (16.3 KB): I've updated the patch to still use the filter when using a userdn -- douglas (Anonymous, 2007-06-28 10:06)
lighttpd_trunk.ldap.userdn.patch (14.9 KB): The above patch is against the 1.4.x branch, this is the same patch applied to the trunk, adjusting for the one blocking change -- douglas (Anonymous, 2007-06-28 12:55)
lighttpd-ldap-deref.patch (5.12 KB): adds dereference option (deepunix, 2007-08-18 15:42)

Associated revisions

Revision 8b282db1 (diff)
Added by gstrauss about 1 year ago

[mod_auth] permit specifying ldap DN; skip search (fixes #1248)

If auth.backend.ldap.filter begins with ',', then concatenate
uid=<username> with the 'filter' value to form the DN instead of using
ldap_search to query LDAP for the DN for the username, applying the
provided filter.

x-ref:
"Allow User-DN to be supplied in the configuration rather than searching"
https://redmine.lighttpd.net/issues/1248
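
The DN construction described in the commit message above, combined with the username escaping mentioned for the first attachment, as an added example that is not lighttpd's code. The function names, the placeholder suffix `,ou=people,dc=example,dc=com`, and the choice to reject control bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not lighttpd code. Escapes `user` as an RFC 4514 attribute
 * value so it cannot add RDNs or change the DN structure. Returns 0 on
 * success, -1 on empty input, control bytes, or insufficient space. */
static int dn_escape_value(const char *user, char *out, size_t outsz) {
    size_t n = strlen(user), o = 0;
    if (n == 0) return -1;
    for (size_t i = 0; i < n; ++i) {
        unsigned char c = (unsigned char)user[i];
        if (c < 0x20 || c == 0x7f) return -1;   /* policy assumption: reject */
        if (o + 3 > outsz) return -1;           /* room for '\\', c and NUL */
        if (strchr("\"+,;<>\\", c) != NULL
            || (i == 0 && (c == ' ' || c == '#'))
            || (i == n - 1 && c == ' '))
            out[o++] = '\\';
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 0 and writes "uid=<escaped user><filter>" when `filter` begins with
 * ',' (the DN-suffix form); 1 when `filter` is an ordinary search filter and
 * the caller must still search; -1 on error. */
static int build_user_dn(const char *user, const char *filter,
                         char *dn, size_t dnsz) {
    char esc[256];
    if (filter[0] != ',') return 1;
    if (dn_escape_value(user, esc, sizeof esc) != 0) return -1;
    int n = snprintf(dn, dnsz, "uid=%s%s", esc, filter);
    return (n < 0 || (size_t)n >= dnsz) ? -1 : 0;
}

int main(void) {
    /* Constructed sample inputs; the suffix is a placeholder directory tree. */
    const char *suffix = ",ou=people,dc=example,dc=com";
    const char *users[] = { "user@company.com", "admin,ou=admins", " #x " };
    char dn[512];
    for (size_t i = 0; i < sizeof users / sizeof *users; ++i)
        if (build_user_dn(users[i], suffix, dn, sizeof dn) == 0)
            printf("%-18s -> %s\n", users[i], dn);
    return 0;
}
```

Because the bind DN is built directly from the login name, the escaping step is what keeps a comma or plus sign in the username inside the `uid` value instead of being read as part of the DN structure.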

History

#1

Updated by Anonymous over 10 years ago

I'm not sure if it was clear from reading my comments, but the first two patches (the first of which can be ignored) are against the 1.4.x branch. The third and final patch is against the trunk.

-- douglas

#2

Updated by deepunix over 10 years ago

This ticket would be a good place for adding patches to mod_auth's ldap code ;)

Here is my patch against 1.4.16 that adds the possibility to set the dereference option. The option is set every time a user is authenticating. It works, but needs some testing.

It's enabled by adding the following line to the config file:


auth.backend.ldap.deref  = "always"  # can be always, find, search or never

Douglas, maybe you could integrate this into your patch? :)

#3

Updated by gstrauss over 1 year ago

  • Assignee deleted (jan)

#4

Updated by gstrauss over 1 year ago

  • Target version deleted (1.5.0)

#5

Updated by gstrauss about 1 year ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still interest in allowing User-DN to be supplied in the configuration rather than searching?

Separately, is there interest in deepunix's dereference option (which was inappropriately posted to this ticket)?

#6

Updated by gstrauss about 1 year ago

Perhaps a specially-formatted auth.backend.ldap.filter that begins with ',' could indicate that there is no need for a query and to simply concatenate uid=<username> to the 'filter' to form the DN.

#7

Updated by gstrauss about 1 year ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
