|Summary:||Allow to use username in LDAP filter|
|Product:||Apache httpd-2||Reporter:||Julien Danjou <julien>|
|Component:||mod_authn_ldap||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
|Attachments:||Patch implementing that|
Description Julien Danjou 2011-04-01 05:29:58 UTC
Currently, the filter given in AuthLDAPURL abuses the RFC by using the attribute to match the username provided. This does not allow more complex search filters.

The attached patch replaces %u in the filter string by the provided username, so one can check for more complicated things like:

ldap://ldap.example.com/ou=users,o=easter-eggs??base?(email@example.com)

Please note that this patch does not modify the current behaviour and is backward compatible.

Something that can be enhanced is the use of 'attribute' in the filter based on its presence in the URL or not. Currently, the documentation says it's set to uid by default, which is a problem if you do not want to use the default filter. I thought about ignoring attribute if it's not present, but that might break compatibility.

I'm fine with my patch's approach, but if you think another one is better, just tell me, I'll rework the patch.
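
Added example, not part of the report, the attached patch or httpd's code: a sketch of %u expansion that escapes the RFC 4515 filter metacharacters in the username before substituting it, so that a submitted name cannot change the structure of the search filter. The helper names, the filter template and the usernames are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Write one username byte to out, escaping RFC 4515 filter metacharacters
 * as backslash + two hex digits. Returns bytes written, 0 if it will not fit
 * (room must also leave space for the terminating NUL). */
static size_t put_escaped(char *out, size_t room, unsigned char c)
{
    static const char hex[] = "0123456789abcdef";
    if (c == '*' || c == '(' || c == ')' || c == '\\') {
        if (room < 4) return 0;
        out[0] = '\\'; out[1] = hex[c >> 4]; out[2] = hex[c & 15];
        return 3;
    }
    if (room < 2) return 0;
    out[0] = (char)c;
    return 1;
}

/* Hypothetical helper: replace every %u in tmpl with the escaped username.
 * Returns 0 on success, -1 if the result does not fit in out. */
int expand_filter(const char *tmpl, const char *user, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (const char *p = tmpl; *p; ) {
        if (p[0] == '%' && p[1] == 'u') {
            for (const unsigned char *u = (const unsigned char *)user; *u; u++) {
                size_t n = put_escaped(out + o, outlen - o, *u);
                if (n == 0) return -1;   /* refuse to emit a truncated filter */
                o += n;
            }
            p += 2;
        } else {
            if (outlen - o < 2) return -1;
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char buf[128];
    /* Constructed template and username, not taken from the report. */
    if (expand_filter("(|(uid=%u)(mail=%u))", "a*)(uid=*", buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```

A result that does not fit is rejected rather than truncated, because a cut-off filter could match a different set of entries than the administrator configured.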