0

I'm dealing with a legacy system that uses Apache with mod_auth_basic and mod_authnz_ldap for authentication and authorization in given directories and those directories with an .htaccess file. The authenticated user is then provided to various CGI scripts.

I would like to force all usernames to lowercase within the Apache httpd.conf config file, if possible. This would allow me to skip updating tens of old CGI files to force the username to lowercase (where it is eventually used), by updating one configuration file and restarting the server.

The directory full of CGI scripts that I want to provide a lowercase username to is already protected by AuthType Basic followed by AuthBasicProvider ldap followed by an AuthLDAPURL specific to my case. This authentication works.

I initially tried using mod_rewrite, not realizing until later that mod_rewrite is primarily for rewriting URLs.

Is this possible to do? Am I missing something that would allow me to force the username to lowercase via mod_auth_basic or mod_authnz_ldap?

russsaidwords
  • 1
  • 2

1 Answers1

0

Based on https://stackoverflow.com/a/31242711/773806 I was able to resolve this question.

  1. I first ensured that mod_perl 2 was installed in all relevant environments.
  2. I then added the following to my httpd.conf file:
PerlRequire /etc/httpd/scripts/startup.pl
PerlHeaderParserHandler MyApache2::ConvertUserToLowercase
  1. I created the directories /etc/httpd/scripts and /etc/httpd/scripts/MyApache2.
  2. Within /etc/httpd/scripts I created the file startup.pl with the following contents:
use lib qw(/etc/httpd/scripts/);
1;
  1. Within /etc/httpd/scripts/MyApache2 I created the file ConvertUserToLowercase.pm and added the following contents:
package MyApache2::ConvertUserToLowercase;

use strict;
use warnings FATAL => 'all';

use APR::Base64;
use Apache2::Access;
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);
use Apache2::RequestRec;
use APR::Table ();

sub handler {
    my $request = shift;
    my ($code, $password) = $request->get_basic_auth_pw();
    if ($code == Apache2::Const::OK) {    
        my $user = lc $request->user;
        my $auth_header = APR::Base64::encode("$user:$password");
        $request->headers_in->{'Authorization'} = "Basic $auth_header";
    }
    return Apache2::Const::OK;
}

1;
  1. Ensure that all files are readable by Apache.
  2. The server configuration was then tested with httpd -t and restarted with sudo systemctl restart httpd.
russsaidwords
  • 1
  • 2