Index: mod_authnz_ldap.c
===================================================================
--- mod_authnz_ldap.c (revision 602237)
+++ mod_authnz_ldap.c (working copy)
@@ -514,6 +514,7 @@
 int required_ldap = 0;
 char filtbuf[FILTER_LENGTH];
+ int remote_user_attribute_set = 0;
 const char *dn = NULL;
 const char **vals = NULL;
@@ -601,6 +602,43 @@
 ap_set_module_config(r->request_config, &authnz_ldap_module, req);
 req->dn = apr_pstrdup(r->pool, dn);
 req->user = r->user;
+ if (sec->user_is_dn) {
+ r->user = req->dn;
+ }
+
+ /* add environment variables */
+ if (sec->attributes && vals) {
+ apr_table_t *e = r->subprocess_env;
+ int i = 0;
+ while (sec->attributes[i]) {
+ char *str = apr_pstrcat(r->pool, AUTHZ_PREFIX, sec->attributes[i], NULL);
+ int j = sizeof(AUTHZ_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+ while (str[j]) {
+ str[j] = apr_toupper(str[j]);
+ j++;
+ }
+ apr_table_setn(e, str, vals[i]);
+
+ /* handle remote_user_attribute, if set */
+ if (sec->remote_user_attribute &&
+ !strcmp(sec->remote_user_attribute, sec->attributes[i])) {
+ r->user = (char *)apr_pstrdup(r->pool, vals[i]);
+ remote_user_attribute_set = 1;
+ }
+ i++;
+ }
+ }
+
+ /* sanity check */
+ if (sec->remote_user_attribute && !remote_user_attribute_set) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ "[%" APR_PID_T_FMT "] auth_ldap authenticate: "
+ "REMOTE_USER was to be set with attribute '%s', "
+ "but this attribute was not requested for in the "
+ "LDAP query for the user. REMOTE_USER will fall "
+ "back to username or DN as appropriate.", getpid(),
+ sec->remote_user_attribute);
+ }
 }
 /* Loop through the requirements array until there's no elements
Index: mod_auth.h
===================================================================
--- mod_auth.h (revision 602237)
+++ mod_auth.h (working copy)
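Review bot: In the attribute loop of the second mod_authnz_ldap.c hunk, `vals[i]` is used without a NULL check, both in `apr_table_setn(e, str, vals[i])` and in `r->user = (char *)apr_pstrdup(r->pool, vals[i])`. If the directory lookup leaves an entry NULL for an attribute the user's record does not carry (the lookup is not visible in this hunk, so worth confirming), `apr_pstrdup` returns NULL, `r->user` becomes NULL for a request that has already passed authentication, and `remote_user_attribute_set = 1` suppresses the fallback warning that follows. I would guard both uses, e.g. `apr_table_setn(e, str, vals[i] ? vals[i] : "");` and add `vals[i] &&` to the `remote_user_attribute` condition so that REMOTE_USER keeps the username or DN when the attribute is empty. The comment on `int j` still says "AUTHENTICATE_" although the prefix used here is `AUTHZ_PREFIX`; the enclosing function starts and ends outside the hunk.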
@@ -41,6 +41,7 @@
 #define AUTHN_PROVIDER_NAME_NOTE "authn_provider_name"
 #define AUTHN_PREFIX "AUTHENTICATE_"
+#define AUTHZ_PREFIX "AUTHORIZE_"
 typedef enum {
 AUTH_DENIED,