[Bug 61990] New: Can't use variable with Require ldap-filter


https://bz.apache.org/bugzilla/show_bug.cgi?id=61990

            Bug ID: 61990
           Summary: Can't use variable with Require ldap-filter
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_authnz_ldap
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: arthur.garnier@xxxxxxxxxxxxxxx
  Target Milestone: ---

Hi,

I'm trying to allow users depending on a URI match with LDAP.

My conf is like this:

<If "%{REQUEST_URI} =~ /logs_[a-z0-9]*.[A-Z0-9]{4}/">
SetEnvIf Request_URI "/logs_[a-z0-9]*.([A-Z0-9]*)" VAR=$1
AuthLDAPURL ldaps://ldap-${Env}.XXXXX.com:1234/DC=XXXXX,DC=com?userPrincipalName
AuthLDAPBindDN 'CN=reader ,OU=YYYYY,OU=YYYYY,DC=XXX,DC=XXXXX,DC=com'
AuthLDAPBindPassword *********
<RequireAll>
    Require valid-user
    Require ldap-filter memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXX,OU=XXXXXXXXXXXX,DC=XXXXX,DC=com
</RequireAll>
</If>

But in the logs I get:

Jan 11 14:18:31 XXXXXXX httpd: XXXX|XXXXXXXXX|t="Thu Jan 11 14:18:31 2018" 
rip="XXXXXXXXXXXX" ip="-" uid="XXXXXXXXXXXX" severity="authnz_ldap:debug"
v="XXXXXXXXXX" msg="AH01743: auth_ldap authorize: checking filter
memberof:1.2.840.113556.1.4.1941:=CN=%{ENV:VAR}_unixlogs,OU=XXXXXXXX,OU=XXXXXXX,DC=XXXXX,DC=com"


I also tried to add:
Require env ROB

And this Require returns "Granted"

Just in case, in the ldap-filter condition I tried several syntaxes (even some
that make no sense):
%{VAR}, ${VAR}, $VAR, %VAR, %{VAR}e, %{ENV:VAR}


The module documentation provides a similar example with ldap-group:

AuthLDAPURL ldap://ldap.example.com/o=Example?uid
Require ldap-group cn=%{SERVER_NAME}, o=Example


Is there a trick? Is it a bug?

Thanks in advance!
Regards

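Added example, not part of the original report or of Apache httpd: a small log check that flags AH01743 debug lines, like the one quoted above, whose ldap-filter still contains literal `%{...}` or `${...}` syntax, meaning the filter was evaluated without the variable being expanded. The function name and the sample lines are constructed for illustration, and each log entry is assumed to sit on one line.

```python
import re

# The mod_authnz_ldap debug message quoted in the report (AH01743).
AH01743 = re.compile(
    r"AH01743: auth_ldap authorize: checking filter\s+(?P<filter>.+)"
)
# Brace-style variable syntaxes the reporter tried: %{...} and ${...}.
PLACEHOLDER = re.compile(r"[%$]\{[^}]*\}")


def unexpanded_filters(lines):
    """Return (filter, [placeholders]) for every AH01743 line whose
    filter still carries literal expression syntax."""
    hits = []
    for line in lines:
        m = AH01743.search(line)
        if not m:
            continue  # not an ldap-filter authorization check
        # The key="value" log format in the report closes msg with a quote.
        ldap_filter = m.group("filter").strip().rstrip('"')
        found = PLACEHOLDER.findall(ldap_filter)
        if found:
            hits.append((ldap_filter, found))
    return hits


# Constructed sample lines (hypothetical DNs, same shape as the report's log).
SAMPLE = [
    'severity="authnz_ldap:debug" msg="AH01743: auth_ldap authorize: '
    'checking filter memberof:1.2.840.113556.1.4.1941:='
    'CN=%{ENV:VAR}_unixlogs,OU=apps,DC=example,DC=com"',
    'severity="authnz_ldap:debug" msg="AH01743: auth_ldap authorize: '
    'checking filter memberof:1.2.840.113556.1.4.1941:='
    'CN=AB12_unixlogs,OU=apps,DC=example,DC=com"',
    'severity="core:info" msg="unrelated line mentioning %{ENV:VAR}"',
]

if __name__ == "__main__":
    for ldap_filter, placeholders in unexpanded_filters(SAMPLE):
        print("unexpanded", placeholders, "in filter:", ldap_filter)
```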