Feature #1248


Allow User-DN to be supplied in the configuration rather than searching

Added by Anonymous almost 17 years ago. Updated over 7 years ago.

Target version:


Right now, every connection requires an anonymous (or bound) connection that is used to search for the user-dn. Rather than searching for the user-dn, it should be possible to define the user-dn in the configuration file.

-- douglas


lighttpd.ldap.userdn.patch (13.4 KB): Resolution for the enhancement. In addition, I have changed the hack limiting the username to alphanums, and instead correctly escape unallowed characters in the username (permitting usernames like ) -- douglas (Anonymous, 2007-06-27 14:50)
lighttpd.ldap.userdn.2.patch (16.3 KB): I've updated the patch to still use the filter when using a userdn -- douglas (Anonymous, 2007-06-28 10:06)
lighttpd_trunk.ldap.userdn.patch (14.9 KB): The above patch is against the 1.4.x branch, this is the same patch applied to the trunk, adjusting for the one blocking change -- douglas (Anonymous, 2007-06-28 12:55)
lighttpd-ldap-deref.patch (5.12 KB): adds dereference option (deepunix, 2007-08-18 15:42)
Actions #1

Updated by Anonymous almost 17 years ago

I'm not sure if it was clear from reading my comments, but the first two patches (the first of which can be ignored) are against the 1.4.x branch. The third and final patch is against the trunk.

-- douglas

Actions #2

Updated by deepunix almost 17 years ago

This ticket would be a good place for adding patches to mod_auth's ldap code ;)

Here is my patch against 1.4.16 that adds the possibility to set the dereference option. The option is set every time a user is authenticating. It works, but needs some testing.

It's enabled by adding the following line to the config file:

auth.backend.ldap.deref  = "always"  # can be always, find, search or never

Douglas, maybe you could integrate this into your patch? :)

Actions #3

Updated by gstrauss almost 8 years ago

  • Assignee deleted (jan)
Actions #4

Updated by gstrauss almost 8 years ago

  • Target version deleted (1.5.0)
Actions #5

Updated by gstrauss over 7 years ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still interest in allowing User-DN to be supplied in the configuration rather than searching?

Separately, is there interest in deepunix's dereference option (which was inappropriately posted to this ticket)?

Actions #6

Updated by gstrauss over 7 years ago

Perhaps a specially-formatted auth.backend.ldap.filter that begins with ',' could indicate that there is no need for a query and to simply concatenate uid=<username> to the 'filter' to form the DN.
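
When the bind DN is built by concatenation, as suggested in comment #6, rather than returned by a search, the username has to be escaped as a DN attribute value (RFC 4514), which is a different rule set from search-filter escaping. The sketch below is an added example, not lighttpd's code or any of the attached patches; build_bind_dn, the uid attribute and the suffix value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape `user` as an RFC 4514 attribute value. 0 on success, -1 if too long. */
static int dn_escape(const char *user, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = strlen(user), o = 0;

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        int edge_space = (c == ' ' && (i == 0 || i == n - 1));
        if (o + 4 > outlen) return -1;       /* room for "\XX" plus NUL */
        if (c < 0x20 || c == 0x7f) {         /* control byte becomes \XX */
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 15];
            continue;
        }
        if (strchr("\"+,;<>\\", c) || edge_space || (c == '#' && i == 0))
            out[o++] = '\\';                 /* DN metacharacter */
        out[o++] = (char)c;
    }
    if (o >= outlen) return -1;
    out[o] = '\0';
    return 0;
}

/* Hypothetical helper: "uid=<escaped user><suffix>", suffix starting with ','. */
int build_bind_dn(const char *user, const char *suffix, char *out, size_t outlen)
{
    char esc[256];
    if (!user || !*user || !suffix || suffix[0] != ',') return -1;
    if (dn_escape(user, esc, sizeof esc) != 0) return -1;
    int w = snprintf(out, outlen, "uid=%s%s", esc, suffix);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    char dn[512];
    const char *suffix = ",ou=people,dc=example,dc=org";   /* constructed value */
    const char *users[] = { "jdoe", "doe, jane", "a,ou=admins", "#x " };
    for (size_t i = 0; i < sizeof users / sizeof *users; i++)
        if (build_bind_dn(users[i], suffix, dn, sizeof dn) == 0)
            printf("%-12s -> %s\n", users[i], dn);
    return 0;
}
```

With the comma escaped, a username such as "a,ou=admins" stays a single uid value instead of adding an RDN to the DN that is bound.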

Actions #7

Updated by gstrauss over 7 years ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
