Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionJan Pazdziora (Red Hat)
2016-01-30 17:24:21 UTC
Description of problem:
The mod_lookup_identity 0.9.4 added support for LookupOutput headers and LookupOutput headers-base64 that make it possible to populate multiple HTTP headers of the requests with attributes of the authenticated user, including their group membership. That simplifies the deployments with layered products where HTTP proxies are used in front of applications -- separate HTTP headers, and/or the ability to Base64-encode the values, makes it easier to pass the information in safe manner.
The version 0.9.5 is then compatibility release for Apache 2.2 which is not needed for RHEL 7 but would be nice to have to match upstream.
Version-Release number of selected component (if applicable):
0.9.3
How reproducible:
Deterministic.
Steps to Reproduce:
1. Use HTTP authenticating proxy and try to populate REMOTE_USER_GROUP_N, REMOTE_USER_GROUP_1, ... values.
Actual results:
Not possible with 0.9.3 unless you want to limit the number of groups handled.
Expected results:
LookupOutput headers (or headers-base64) makes it possible and easy.
Additional info:
[root@dhcp207-129 ~]# rpm -qi mod_lookup_identity
Name : mod_lookup_identity
Version : 0.9.5
Release : 1.el7
Architecture: x86_64
Install Date: Mon 19 Sep 2016 02:21:12 PM IST
Group : System Environment/Daemons
Size : 49646
License : ASL 2.0
Signature : RSA/SHA256, Wed 27 Jul 2016 08:49:37 PM IST, Key ID 938a80caf21541eb
Source RPM : mod_lookup_identity-0.9.5-1.el7.src.rpm
Build Date : Wed 24 Feb 2016 12:22:25 PM IST
Build Host : x86-036.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor : Red Hat, Inc.
URL : http://www.adelton.com/apache/mod_lookup_identity/
Summary : Apache module to retrieve additional information about the authenticated user
Description :
mod_lookup_identity can retrieve additional pieces of information
about user authenticated in Apache httpd server and store these values
in notes/environment variables to be consumed by web applications.
Use of REMOTE_USER_* environment variables is recommended.
[root@dhcp207-129 ~]#
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHEA-2016-2252.html