author | Eric Covener <covener@apache.org> | 2010-05-29 04:32:22 +0200 |
---|---|---|
committer | Eric Covener <covener@apache.org> | 2010-05-29 04:32:22 +0200 |
commit | 27c654fc67365e1b6ef9f8a66029d67968edc1ce (patch) | |
tree | 683a200a7e4ed1dc563e3e780629c2ab60db67c7 /docs | |
parent | add a standard AUTHZ_PREFIX for, no MMN bump since it's just baked in if you (diff) | |
Allow mod_authnz_ldap to set environment variables when it only performs authorization.
AuthLDAPAuthorizePrefix can be used to force this to overlap with the prefix used
for authentication.
PR 45584
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@949336 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manual/mod/mod_authnz_ldap.html.en | 33 | ||||
-rw-r--r-- | docs/manual/mod/mod_authnz_ldap.xml | 32 |
2 files changed, 61 insertions, 4 deletions
diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 5731454d62..0a0f4df0a4 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -59,6 +59,7 @@ for HTTP Basic authentication.</td></tr> </div> <div id="quickview"><h3 class="directives">Directives</h3> <ul id="toc"> +<li><img alt="" src="../images/down.gif" /> <a href="#authldapauthorizeprefix">AuthLDAPAuthorizePrefix</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapbindauthoritative">AuthLDAPBindAuthoritative</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapbinddn">AuthLDAPBindDN</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapbindpassword">AuthLDAPBindPassword</a></li> @@ -624,10 +625,14 @@ Require valid-user <div class="section"> <h2><a name="exposed" id="exposed">Exposing Login Information</a></h2> - <p>When this module performs authentication, LDAP attributes specified - in the <code class="directive"><a href="#authldapurl">AuthLDAPUrl</a></code> + <p>when this module performs <em>authentication</em>, ldap attributes specified + in the <code class="directive"><a href="#authldapurl">authldapurl</a></code> directive are placed in environment variables with the prefix "AUTHENTICATE_".</p> + <p>when this module performs <em>authorization</em>, ldap attributes specified + in the <code class="directive"><a href="#authldapurl">authldapurl</a></code> + directive are placed in environment variables with the prefix "AUTHORIZE_".</p> + <p>If the attribute field contains the username, common name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent LDAP 
@@ -755,6 +760,30 @@ Require group <em>mygroupfile</em> </div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="directive-section"><h2><a name="AuthLDAPAuthorizePrefix" id="AuthLDAPAuthorizePrefix">AuthLDAPAuthorizePrefix</a> <a name="authldapauthorizeprefix" id="authldapauthorizeprefix">Directive</a></h2> +<table class="directive"> +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the prefix for environment variables set during +authorization</td></tr> +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPAuthorizePrefix <em>prefix</em></code></td></tr> +<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPAuthorizePrefix AUTHORIZE_</code></td></tr> +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr> +<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr> +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr> +<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.3.7 and later</td></tr> +</table> + <p>This directive allows you to override the prefix used for environment + variables set during LDAP authorization. If <em>AUTHENTICATE_</em> is + specified, consumers of these environment variables see the same information + whether LDAP has performed authentication, authorization, or both.</p> + + <div class="note"><h3>Note</h3> + No authorization variables are set when a user is authorized on the basis of + <code>Require valid-user</code>. 
+ </div> + +</div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="directive-section"><h2><a name="AuthLDAPBindAuthoritative" id="AuthLDAPBindAuthoritative">AuthLDAPBindAuthoritative</a> <a name="authldapbindauthoritative" id="authldapbindauthoritative">Directive</a></h2> <table class="directive"> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the users credentials.</td></tr> diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index 8b1ee4a452..7b931bced7 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -618,10 +618,14 @@ Require valid-user <section id="exposed"><title>Exposing Login Information</title> - <p>When this module performs authentication, LDAP attributes specified - in the <directive module="mod_authnz_ldap">AuthLDAPUrl</directive> + <p>when this module performs <em>authentication</em>, ldap attributes specified + in the <directive module="mod_authnz_ldap">authldapurl</directive> directive are placed in environment variables with the prefix "AUTHENTICATE_".</p> + <p>when this module performs <em>authorization</em>, ldap attributes specified + in the <directive module="mod_authnz_ldap">authldapurl</directive> + directive are placed in environment variables with the prefix "AUTHORIZE_".</p> + <p>If the attribute field contains the username, common name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent LDAP 
@@ -752,6 +756,30 @@ Require group <em>mygroupfile</em> </section> <directivesynopsis> +<name>AuthLDAPAuthorizePrefix</name> +<description>Specifies the prefix for environment variables set during +authorization</description> +<syntax>AuthLDAPAuthorizePrefix <em>prefix</em></syntax> +<default>AuthLDAPAuthorizePrefix AUTHORIZE_</default> +<contextlist><context>directory</context><context>.htaccess</context> +</contextlist> +<override>AuthConfig</override> +<compatibility>Available in version 2.3.7 and later</compatibility> +<usage> + <p>This directive allows you to override the prefix used for environment + variables set during LDAP authorization. If <em>AUTHENTICATE_</em> is + specified, consumers of these environment variables see the same information + whether LDAP has performed authentication, authorization, or both.</p> + + <note><title>Note</title> + No authorization variables are set when a user is authorized on the basis of + <code>Require valid-user</code>. + </note> +</usage> +</directivesynopsis> + + +<directivesynopsis> <name>AuthLDAPBindAuthoritative</name> <description>Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the users credentials.</description> <syntax>AuthLDAPBindAuthoritative<em>off|on</em></syntax> |
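Review bot: In the "Exposing Login Information" hunk of docs/manual/mod/mod_authnz_ldap.xml (and the matching hunk in mod_authnz_ldap.html.en), the rewritten paragraph lowercases text that was correct on the removed lines: the sentence now begins with "when", "LDAP" has become "ldap", and the directive reference changed from AuthLDAPUrl to authldapurl. The new authorization paragraph repeats the same casing. Only the added <em> emphasis and the second paragraph look intended, so restore "When", "LDAP" and AuthLDAPUrl in both paragraphs of both files; as committed, the name inside <directive module="mod_authnz_ldap"> no longer matches the spelling the removed line used.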
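Review bot: The usage text for AuthLDAPAuthorizePrefix in the last hunk (and its rendered copy in mod_authnz_ldap.html.en) does not say what a consumer sees when authentication and authorization both run and both write a variable under the same prefix. It only states that with AUTHENTICATE_ the consumer sees "the same information" in all three cases. Since the directive exists to let the two prefixes overlap, add a sentence stating which value is exported in that case, and mention that with a shared prefix a CGI program can no longer tell from the variable name which phase supplied the attribute. A short configuration example next to the Require valid-user note would also help. As a style point, AUTHENTICATE_ is a literal value, so marking it with <code> instead of <em> would match how Require valid-user is marked in the note.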