I finally succeed on configuring Apache as a SPNEGO reverse proxy for my app, and I'm using the AUTHORIZE_SAMACCOUNTNAME, AUTHORIZE_CN and AUTHORIZE_MAIL to figure out some information about the logged in user. But this is only the first step.
Currently, I'm using a generic rule like Require ldap-group cn=General Group,cn=Users,dc=example,dc=com, but what I really need are multiple rules, one for each group. i.e.
<RequireAny>
Require ldap-group cn=Regular Users,cn=Users,dc=example,dc=com
Require ldap-group cn=Managers,cn=Users,dc=example,dc=com
Require ldap-group cn=Admins,cn=Users,dc=example,dc=com
</RequireAny>
This config works, but I need to know which Require directive passed. My final goal is to set some custom header like X-Auth-Rule to different values, like Regular, Manager or Admin.
Is there a way to do this?
p.s. Before someone suggests this, I know I could get the sAMAccountName and query the LDAP myself, from the proxied app, but I'm seeking for alternatives to this.
