Hi Craig,

We are using x509 client certificates to authenticate against our webserver.  Long story short, our user names look like this.

/C=US/ST=state/L=local/O=organization/OU=organizational unit/CN=Christian Pearce/emailAddress=username@domain.dom

I patched lib/CGI/Lib.pm:

  132     #
133 # Handle LDAP uid=user when using mod_authz_ldap and otherwise untaint
134 #
135 $User = $1 if ( $User =~ /uid=([^,]+)/i || $User =~ /(.*)/ );
136

Can you change line 135 to look like this?

$User = $1 if ( $User =~ /uid=([^,]+)/i || $User =~ /emailAddress=([^@]+)/i || $User =~ /(.*)/ );



--
xforty technologies
Christian Pearce
888-231-9331 x1119
http://xforty.com