Atsu Mori

Reputation: 11

Pass username after LDAP auth on Apache

I have users authenticating against a JumpCloud LDAP DB. They successfully authenticate, but the username they enter does not get passed on to the application. I tried to set it to REMOTE_USER and called it, but it gives an empty output, i.e. REMOTE_USER = none.

How do I pass the username to the application?

    AllowOverride None
    Order allow,deny
    allow from all
    AddHandler mod_python .py
    PythonHandler mod_python.publisher
    PythonDebug On
    LDAPTrustedClientCert certbase /ssl/file/path
    AuthType Basic
    AuthName "name"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.jumpcloud.com~~~~"
    AuthLDAPBindDN "uid=userid,ou=Users,o=orgnum,dc=jumpcloud,dc=com"
    AuthLDAPBindPassword password
    RequestHeader set X-Remote-User expr=%{REMOTE_USER}
    Require valid-user

Upvotes: 0

Views: 502

Answers (1)

Greg Keller

Reputation: 1

I work at JumpCloud and am a member of the product team. While I don't know your precise auth'n use case, what I would recommend is to try a fully qualified username lookup. Our LDAP will require a user DN string that would be similar to something like this, which we've seen other off-the-shelf products require:

uid=${userID},ou=users,o=(Your JumpCloud Org ID),dc=jumpcloud,dc=com 

Also, specific to your LDAP BindDN (e.g. the service account in JumpCloud you're using to make the secure handshake to your service/app): it needs to be very precise, e.g.:

uid=(Your BindDN Username),ou=users,o=(Your JumpCloud Org ID),dc=jumpcloud,dc=com

Absolutely feel free to shoot us an email at [email protected] and we can get into a much deeper analysis to get you going.

Upvotes: 0
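An added example (not part of the answer above and not JumpCloud code): Python helpers that build the user DN in the shape the answer gives, escaping the supplied user ID per RFC 4514 so it cannot alter the DN structure, and that check a configured BindDN against the same shape. The function names, the org ID values passed in, and the case-insensitive comparison of attribute types and values are assumptions.

```python
import re

# Shape given in the answer: uid=<user>,ou=users,o=<org id>,dc=jumpcloud,dc=com
# Org IDs passed to these functions are constructed placeholders.
_SPECIAL = re.compile(r'([,+"\\<>;=])')
_RDN = re.compile(r'(?:\\.|[^,\\])+')  # one RDN: escaped pairs or plain characters

def escape_rdn_value(value):
    """Escape an attribute value for use in a DN string (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty attribute value")
    out = _SPECIAL.sub(r"\\\1", value).replace("\x00", "\\00")
    if len(out) > 1 and out.endswith(" "):
        out = out[:-1] + "\\ "   # a trailing space must be escaped
    if out[0] in " #":
        out = "\\" + out         # so must a leading space or '#'
    return out

def user_dn(user_id, org_id):
    """Build the fully qualified user DN from the answer's template."""
    return (f"uid={escape_rdn_value(user_id)},ou=users,"
            f"o={escape_rdn_value(org_id)},dc=jumpcloud,dc=com")

def check_dn(dn, org_id):
    """Return a list of differences between dn and the expected shape."""
    expected = [("uid", None), ("ou", "users"), ("o", org_id),
                ("dc", "jumpcloud"), ("dc", "com")]
    # Split on unescaped commas only, then on the first '=' of each RDN.
    parts = [rdn.partition("=")[::2] for rdn in _RDN.findall(dn)]
    if len(parts) != len(expected):
        return [f"expected {len(expected)} RDNs, found {len(parts)}"]
    problems = []
    for (atype, value), (want_type, want_value) in zip(parts, expected):
        if atype.lower() != want_type:   # stray spaces show up here
            problems.append(f"expected attribute {want_type!r}, found {atype!r}")
        elif not value:
            problems.append(f"{want_type} has no value")
        elif want_value is not None and value.lower() != want_value.lower():
            problems.append(f"{want_type}={value!r} differs from {want_value!r}")
    return problems
```

`check_dn` returns an empty list when the DN matches the shape, so it can be run over the `AuthLDAPBindDN` value before the configuration is deployed.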
