Skip to Content.
Sympa Menu

shibboleth-dev - RE: RM within Apache...?

Subject: Shibboleth Developers

List archive

RE: RM within Apache...?


Chronological Thread 
  • From: "Michael A. Grady" <>
  • To: ,
  • Subject: RE: RM within Apache...?
  • Date: Thu, 8 Nov 2001 18:11:56 -0600 (CST)

I've looked briefly at several of the LDAP modules currently available
for Apache. All the ones I've seen to date assume that you are using
the module for both authentication and authorization. I.e. when you get
to the authorization part, it assumes you've already done a search and found
the DN of the user object in question -- because that had to be done for
the authentication step.

That said, it shouldn't be too hard to change that by modifying one of the
current LDAP modules (auth_ldap seemed a likely candidate when I was looking
at this this past May). I see that there is now a more recent release than
the version I looked at:

http://www.rudedog.org/auth_ldap/

> From: "Scott Cantor"
> <>
> To:
> <>
> Subject: RE: RM within Apache...?
> Date: Thu, 8 Nov 2001 18:14:29 -0500
> X-MSMail-Priority: Normal
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-Listprocessor-Version: 8.2.09/990901/11:28 -- ListProc(tm) by CREN
>
> > We've talked a bit about the relationship between the SHAR and
> > the RM......
> >
> > but, I got to wondering, is there a "standard" RM within Apache that
> > will meet our needs? Clearly, there's something that supports
> > htaccess files, and a narrow set of directives found in those files.
> > But, is there anything that might attempt to match a broader set of
> > attributes against policy rules?
>
> I'm not aware of anything particularly ambitious in that department, but I
> use mainly iPlanet myself, so my Apache breadth is limited.
>
> Thinking about it a little, it would seem like something LDAP-related
might
> be a close match, since it might support LDAP filters as access rules.
> iPlanet comes reasonably close to that, and the ACL API is pretty flexible
> as a way to plug in to the policy evaluator, but when it lost market
share,
> I lost interest in writing a plugin for it way back when.
>
> -- Scott
>
>

--
Michael A. Grady

Senior Research Programmer http://ljordal.cso.uiuc.edu
University of Illinois (217) 244-1253 phone
Computing & Communications Services Office (217) 265-5635 fax
Rm. 103, MC 680, 2212 Fox Drive, Suite C Champaign, IL 61820

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--




Archive powered by MHonArc 2.6.16.

Top of Page