Apache2 mod_rewrite remote user variable to lowercase

Question

i'm using the mod_auth_kerb module for kerberos authentication in apache.

Usernames have the format "User.Name" like here:

[authz_core:error]  AH01631: user User.Name: authorization failure for "/site/":

I need the full Username in lowercase. The variable is %{LA-U:REMOTE_USER}

How can I rewrite the variable to lowercase with mod_rewrite? Or is there a better way?

Thanks for your help.

Answer 1

you can solve this with a auth_to_local Rule in your Kerberos-configuration like mentioned in http://comp.protocols.kerberos.narkive.com/fzcjz10b/auth-to-local-rule-to-convert-camel-case-principals-to-all-lower-case

[realms] REALM.YOUR.TLD = { auth_to_local = RULE:[1:$1](.*)s/A/a/g s/B/b/g s/B/b/g s/C/c/g s/D/d/g s/E/e/g s/F/f/g s/G/g/g s/H/h/g s/I/i/g s/J/j/g s/K/k/g s/L/l/g s/M/m/g s/N/n/g s/O/o/g s/P/p/g s/Q/q/g s/R/r/g s/S/s/g s/T/t/g s/U/u/g s/V/v/g s/W/w/g s/X/x/g s/Y/y/g s/Z/z/g

Maybe there's a more efficient regex, but I couldn't find one, because you may only use search/replace syntax.

Another way would be mod_map_user

• http://www.perzl.org/aix/index.php?n=Main.ModMapUser

Or you set up SSSD

• https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html

• http://www.admin-magazin.de/Das-Heft/2012/03/Der-System-Security-Services-Daemon (german)

Yours Tobias