mod_auth_cas for authn and mod_auth_ldap for authz
Josh Kelley
joshkel at gmail.com
Tue Aug 7 11:59:30 EDT 2007
On 8/6/07, Smith, Matt <matt.smith at uconn.edu> wrote:
> Good analysis - makes sense to me. Phil and I seem to be of the same
> opinion that adding LDAP-specific functionality to mod-auth-cas would
> not be a good idea. Does Apache 2.2's mod-authnz-ldap really allow
> better separation, such that it can do a correct search of LDAP to find
> a DN from REMOTE_USER during the AuthZ phase? If so, it would seem this
> is preferential.
I confirmed that Apache 2.2's mod_authnz_ldap does permit finding a DN
from REMOTE_USER during AuthZ.
I agree that adding LDAP functionality to mod_auth_cas is not a good idea.
Thanks for your help.
Josh Kelley
More information about the cas
mailing list