Christian Pearce
2010-01-22 14:32:23 UTC
Hi Craig,
We are using x509 client certificates to authenticate against our webserver. Long story short, our user names look like this.
/C=US/ST=state/L=local/O=organization/OU=organizational unit/CN=Christian Pearce/emailAddress=***@domain.dom
I patched lib/CGI/Lib.pm:
132 #
133 # Handle LDAP uid=user when using mod_authz_ldap and otherwise untaint
134 #
135 $User = $1 if ( $User =~ / uid =([^,]+)/ i || $User =~ /(.*)/ );
136
Can you change line 135 to look like this?
$User = $1 if ( $User =~ /uid=([^,]+)/i || $User =~ /emailAddress=([^@]+)/i || $User =~ /(.*)/ );
We are using x509 client certificates to authenticate against our webserver. Long story short, our user names look like this.
/C=US/ST=state/L=local/O=organization/OU=organizational unit/CN=Christian Pearce/emailAddress=***@domain.dom
I patched lib/CGI/Lib.pm:
132 #
133 # Handle LDAP uid=user when using mod_authz_ldap and otherwise untaint
134 #
135 $User = $1 if ( $User =~ / uid =([^,]+)/ i || $User =~ /(.*)/ );
136
Can you change line 135 to look like this?
$User = $1 if ( $User =~ /uid=([^,]+)/i || $User =~ /emailAddress=([^@]+)/i || $User =~ /(.*)/ );
--
xforty technologies
Christian Pearce
888-231-9331 x1119
http://xforty.com
xforty technologies
Christian Pearce
888-231-9331 x1119
http://xforty.com