Feature #1248

closed

Allow User-DN to be supplied in the configuration rather than searching

Added by Anonymous over 17 years ago. Updated about 8 years ago.

Status:
Fixed
Priority:
Normal
Category:
mod_auth
Target version:
-

Description

Right now, every connection requires an anonymous (or bound) connection used to search the user-dn. Rather than searching for the user-dn, it should be possible to define the user-dn in the configuration file.

-- douglas


Files

  • lighttpd.ldap.userdn.patch (13.4 KB): Resolution for the enhancement. In addition, I have changed the hack limiting the username to alphanums, and instead correctly escape unallowed characters in the username (permitting usernames like user@company.com) -- douglas (Anonymous, 2007-06-27 14:50)
  • lighttpd.ldap.userdn.2.patch (16.3 KB): I've updated the patch to still use the filter when using a userdn -- douglas (Anonymous, 2007-06-28 10:06)
  • lighttpd_trunk.ldap.userdn.patch (14.9 KB): The above patch is against the 1.4.x branch, this is the same patch applied to the trunk, adjusting for the one blocking change -- douglas (Anonymous, 2007-06-28 12:55)
  • lighttpd-ldap-deref.patch (5.12 KB): adds dereference option (deepunix, 2007-08-18 15:42)

Actions #1

Updated by Anonymous over 17 years ago

I'm not sure if it was clear from reading my comments, but the first two patches (the first of which can be ignored) are against the 1.4.x branch. The third and final patch is against the trunk.

-- douglas

Actions #2

Updated by deepunix about 17 years ago

This ticket would be a good place for adding patches to mod_auth's ldap code ;)

Here is my patch against 1.4.16 that adds the possibility to set the dereference option. The option is set every time a user is authenticating. It works, but needs some testing.

It's enabled by adding the following line to the config file:


auth.backend.ldap.deref  = "always"  # can be always, find, search or never

Douglas, maybe you could integrate this into your patch? :)

Actions #3

Updated by gstrauss over 8 years ago

  • Assignee deleted (jan)
Actions #4

Updated by gstrauss over 8 years ago

  • Target version deleted (1.5.0)
Actions #5

Updated by gstrauss about 8 years ago

  • Description updated (diff)
  • Status changed from New to Need Feedback

Is there still interest in allowing User-DN to be supplied in the configuration rather than searching?

Separately, is there interest in deepunix's dereference option (which was inappropriately posted to this ticket)?

Actions #6

Updated by gstrauss about 8 years ago

Perhaps a specially-formatted auth.backend.ldap.filter that begins with ',' could indicate that there is no need for a query and to simply concatenate uid=<username> to the 'filter' to form the DN.

Actions #7

Updated by gstrauss about 8 years ago

  • Status changed from Need Feedback to Fixed
  • % Done changed from 0 to 100
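
The DN concatenation proposed in comment #6, combined with the username escaping mentioned in the first patch description, as an added example that is not part of this ticket and is not lighttpd's code. The helper names `dn_escape_value` and `build_user_dn` and the sample suffix are hypothetical; the username is escaped as an RFC 4514 attribute value before concatenation, so user@company.com passes through while DN metacharacters cannot change the structure of the DN.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not lighttpd code): write the RFC 4514-escaped form of
 * attribute value `val` into `out`. Returns its length, or -1 if it won't fit. */
static int dn_escape_value(const char *val, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = strlen(val), o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)val[i];
        int special = strchr("\"+,;<>\\", c) != NULL      /* DN metacharacters */
                   || (i == 0 && (c == ' ' || c == '#'))  /* leading SP or '#' */
                   || (i == n - 1 && c == ' ');           /* trailing SP */
        if (c < 0x20 || c == 0x7f) {       /* control byte: conservative \XX */
            if (o + 3 >= outlen) return -1;
            out[o++] = '\\'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 15];
        } else {
            if (o + (special ? 2 : 1) >= outlen) return -1;
            if (special) out[o++] = '\\';
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Hypothetical: build "uid=<escaped username><suffix>", where `suffix` is the
 * ','-prefixed configuration value proposed in comment #6. 0 on success. */
int build_user_dn(const char *username, const char *suffix, char *out, size_t outlen)
{
    if (!username[0] || suffix[0] != ',' || outlen < 5) return -1;
    memcpy(out, "uid=", 4);
    int n = dn_escape_value(username, out + 4, outlen - 4);
    if (n < 0 || 4 + (size_t)n + strlen(suffix) >= outlen) return -1;
    strcpy(out + 4 + n, suffix);
    return 0;
}

int main(void)
{
    char dn[256];
    const char *suffix = ",ou=people,dc=example,dc=org";  /* constructed sample */
    const char *users[] = { "user@company.com", "bob,ou=admins", "#x " };
    for (size_t i = 0; i < 3; i++)
        if (build_user_dn(users[i], suffix, dn, sizeof dn) == 0)
            printf("%-18s -> %s\n", users[i], dn);
    return 0;
}
```

DN values and search filters use different escaping rules (RFC 4514 versus RFC 4515), so a filter-escaping routine cannot be reused for this path.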