
I need Apache, configured as Proxy pass, to check the Authorization: Basic ... header against an LDAP server, setting a custom header if credentials exist and are correct but passing the request to the downstream server even if auth is missing or plain wrong.

I tried the following configuration:

    <Location ~ /my/path/(.*)/my/resource(/.+)?>
        AuthType Basic
        AuthName "Login with user id"
        AuthBasicProvider ldap
        AuthUserFile /dev/null
        AuthLDAPURL "my LDAP url"
        AuthLDAPBindDN "my bind variables"
        AuthLDAPBindPassword ******
        RequestHeader set X-Authenticated-User %{AUTHENTICATE_uid}e
        SetEnv 1 noauth
        <RequireAny>
            Require valid-user
            Require env noauth
        </RequireAny>
        ProxyPreserveHost On
        ProxyPass        http://downstream.server/my/other/path/$1/$2
        ProxyPassReverse http://downstream.server/my/other/path/$1/$2
    </Location>

But this way the X-Authenticated-User is always (null) even with valid credentials, probably because Apache optimises and doesn't perform the check at all.

I could manage to have (null) if the password mismatches or is not present at all.

My requirement is that the request is always sent to the downstream server, with the X-Authenticated-User set to the given username only if the password matches.

I edited the configuration: if I comment out the Require env noauth line, the basic auth works properly.

Iacopo
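The behaviour the question asks for, written out as a small Python reference model (an added example, not part of the original post and not an Apache configuration). It always forwards the request, sets X-Authenticated-User only when the Basic credentials verify, and drops any copy of that header sent by the client; `DIRECTORY` and `check_credentials` are constructed stand-ins for the LDAP bind, and all function names are hypothetical.

```python
import base64
import hmac

# Constructed stand-in for the LDAP bind; a real deployment asks the directory.
DIRECTORY = {"alice": "s3cret:with:colons"}


def check_credentials(user, password):
    """Hypothetical verifier: constant-time compare against DIRECTORY."""
    expected = DIRECTORY.get(user)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def parse_basic(header_value):
    """Return (user, password) from an Authorization value, or None if unusable."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64, non-ASCII token, or invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep or not user:
        return None
    return user, password


def headers_for_downstream(inbound):
    """Build the forwarded header set; the request is forwarded in every case."""
    # Drop any client-supplied copy so the header can only originate here.
    out = {k: v for k, v in inbound.items() if k.lower() != "x-authenticated-user"}
    auth = next((v for k, v in inbound.items() if k.lower() == "authorization"), None)
    creds = parse_basic(auth)
    if creds and check_credentials(*creds):
        out["X-Authenticated-User"] = creds[0]
    return out
```
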

0 Answers