	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_authz_ldap for CoSign

To: Phil Pishioneri <pgp@xxxxxxx>
Subject: Re: mod_authz_ldap for CoSign
From: Kris Steinhoff <steinhof@xxxxxxxxx>
Date: Tue, 1 Nov 2005 15:35:57 -0500
Cc: Cosign Discussion <cosign-discuss@xxxxxxxxx>
In-reply-to: <43679802.2010307@psu.edu>
References: <43679802.2010307@psu.edu>

Hi Phil,

I don't know if I'm see exactly what you're describing, but I posted about something similar a while back and Johanna explained that this is the way mod_cosign and mod_authz_ldap work a the moment.

http://www.umich.edu/~umweb/software/cosign/cosign-discuss/ msg00543.html (Johanna's second point.)

I've developed a set of PHP scripts which help work around this issue. I'll post them later today as a response to the original thread (linked above) to close that loop.

-kris

On Nov 1, 2005, at 11:29 AM, Phil Pishioneri wrote:

We're trying to use mod_authz_ldap with the patches in the mod_authz_ldap-NOTES.txt file (Apache v1). Actually, in the uMich version of the notes (mod_authz_ldap-NOTES-UMICH.txt), it says
4) edit your httpd.conf: IMPORTANT! mod_authz_ldap must be loaded *AFTER* mod_cosign, otherwise some very bad, bad things will happen. :)
#this path will vary based on where you house your .so
#mod_cosign must go first!
    LoadModule cosign__module  libexec/mod_cosign.so
    LoadModule authz_ldap_module  libexec/mod_authz_ldap.so
When we do the config this way (along with the other directives), mod_cosign does not get called before mod_authz_ldap (the redirect for login never even happens on a fresh browser).

If we reverse the order, CoSign login does happen first, but mod_authz_ldap does not have a "user" set (references appear to be a null pointer).

Anyone have suggestions/seen similar problems?

-Phil


--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services

Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.


--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services

Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.


--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services

Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.


--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services

Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.


--
Kris Steinhoff
University of Michigan Health Service
Information Technology Services

Electronic mail is not secure, may not be read every day,
and should not be used for urgent or sensitive issues.

References:
- mod_authz_ldap for CoSign
  - From: Phil Pishioneri

Prev by Date: mod_authz_ldap for CoSign
Next by Date: Re: mod_cosign / mod_authz_ldap behavior
Previous by thread: mod_authz_ldap for CoSign
Next by thread: Candidates for Friend XML-RPC interface?
Index(es):
- Date
- Thread