From b977fa7c1f65e052e1f36d1f25bc9d5a7890e522 Mon Sep 17 00:00:00 2001
From: Ryan Steinmetz <zi@FreeBSD.org>
Date: Thu, 29 Oct 2015 12:42:01 -0400
Subject: [PATCH] Populate AUTHENTICATE_* environment variables even when we
 are only using mod_authnz_ldap for authorization

---
 modules/aaa/mod_authnz_ldap.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/modules/aaa/mod_authnz_ldap.c b/modules/aaa/mod_authnz_ldap.c
index 534c16f788c..66619534944 100644
--- a/modules/aaa/mod_authnz_ldap.c
+++ b/modules/aaa/mod_authnz_ldap.c
@@ -664,6 +664,21 @@ static int authz_ldap_check_user_access(request_rec *r)
         req->user = r->user;
     }
 
+    /* add environment variables */
+    if (sec->attributes && vals) {
+        apr_table_t *e = r->subprocess_env;
+        int i = 0;
+        while (sec->attributes[i]) {
+            char *str = apr_pstrcat(r->pool, AUTHN_PREFIX, sec->attributes[i], NULL);
+            int j = sizeof(AUTHN_PREFIX)-1; /* string length of "AUTHENTICATE_", excluding the trailing NIL */
+            while (str[j]) {
+                str[j] = apr_toupper(str[j]);
+                j++;
+            }
+            apr_table_setn(e, str, vals[i]);
+        }
+    }
+
     /* Loop through the requirements array until there's no elements
      * left, or something causes a return from inside the loop */
     for(x=0; x < reqs_arr->nelts; x++) {