Apache 2.4 REMOTE_USER lowercase

russsaidwords

11/9/23, 7:03 PM

I'm dealing with a legacy system that uses Apache with mod_auth_basic and mod_authnz_ldap for authentication and authorization in given directories and those directories with an .htaccess file. The authenticated user is then provided to various CGI scripts.

I would like to force all usernames to lowercase within the Apache httpd.conf config file, if possible. This would allow me to skip updating tens of old CGI files to force the username to lowercase (where it is eventually used), by updating one configuration file and restarting the server.

The directory full of CGI scripts that I want to provide a lowercase username to is already protected by AuthType Basic followed by AuthBasicProvider ldap followed by an AuthLDAPURL specific to my case. This authentication works.

I initially tried using mod_rewrite, not realizing until later that mod_rewrite is primarily for rewriting URLs.

Is this possible to do? Am I missing something that would allow me to force the username to lowercase via mod_auth_basic or mod_authnz_ldap?

116

1 + 0

http-basic-authentication

apache-2.4

Score:0

Server

russsaidwords

11/11/23, 9:05 PM

Based on https://stackoverflow.com/a/31242711/773806 I was able to resolve this question.

I first ensured that mod_perl 2 was installed in all relevant environments.
I then added the following to my httpd.conf file:

PerlRequire /etc/httpd/scripts/startup.pl
PerlHeaderParserHandler MyApache2::ConvertUserToLowercase

I created the directories /etc/httpd/scripts and /etc/httpd/scripts/MyApache2.
Within /etc/httpd/scripts I created the file startup.pl with the following contents:

use lib qw(/etc/httpd/scripts/);
1;

Within /etc/httpd/scripts/MyApache2 I created the file ConvertUserToLowercase.pm and added the following contents:

package MyApache2::ConvertUserToLowercase;

use strict;
use warnings FATAL => 'all';

use APR::Base64;
use Apache2::Access;
use Apache2::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED);
use Apache2::RequestRec;
use APR::Table ();

sub handler {
    my $request = shift;
    my ($code, $password) = $request->get_basic_auth_pw();
    if ($code == Apache2::Const::OK) {    
        my $user = lc $request->user;
        my $auth_header = APR::Base64::encode("$user:$password");
        $request->headers_in->{'Authorization'} = "Basic $auth_header";
    }
    return Apache2::Const::OK;
}

1;

Ensure that all files are readable by Apache.
The server configuration was then tested with httpd -t and restarted with sudo systemctl restart httpd.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Apache 2.4 REMOTE_USER lowercase

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.