You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by bn...@apache.org on 2006/01/20 17:53:46 UTC

svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c

Author: bnicholes
Date: Fri Jan 20 08:53:43 2006
New Revision: 370856

URL: http://svn.apache.org/viewcvs?rev=370856&view=rev
Log:
Set the LDAP protocol before setting extended LDAP options. [PR38146]

Submitted by: Aaron Richton <richton nbcs.rutgers.edu>

Modified:
    httpd/httpd/trunk/modules/ldap/util_ldap.c

Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=370856&r1=370855&r2=370856&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Fri Jan 20 08:53:43 2006
@@ -264,6 +264,9 @@
             return(result->rc);
         }
 
+        /* always default to LDAP V3 */
+        ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+
         /* set client certificates */
         if (!apr_is_empty_array(ldc->client_certs)) {
             apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
@@ -292,9 +295,6 @@
 
         /* Set the alias dereferencing option */
         ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
-
-        /* always default to LDAP V3 */
-        ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
 
 /*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
 #ifdef APR_LDAP_OPT_VERIFY_CERT

Re: svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c

Posted by Ruediger Pluem <rp...@apache.org>.


On 01/23/2006 04:52 AM, Brad Nicholes wrote:
>>>>On 1/21/2006 at 7:02 am, in message <43...@apache.org>,
> 
> rpluem@apache.org wrote:

>>
>>Just curious. Any particular reason why we sometimes use ldap_set_option and 
>>sometimes
>>apr_ldap_set_option in util_ldap.c?
>>

> 
> No real good reason other than the calls to ldap_set_option() predate the existence of apr_ldap_set_option()
> and were never converted.  The reason why apr_ldap_set_option() was created was to abstract the differences
> in the way that starting TLS/SSL happened for each LDAP SDK.  Since ldap options such as LDAP_OPT_PROTOCOL_VERSION
> were common among all of the SDKs, there was just no compelling reason to convert the existing call.
> 

Thanks for clarification. I already thought that something like that could be the reason :).

Regards

Rüdiger

Re: svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c

Posted by Brad Nicholes <bn...@novell.com>.

>>> On 1/21/2006 at 7:02 am, in message <43...@apache.org>,
rpluem@apache.org wrote:

> 
> On 01/20/2006 05:53 PM, bnicholes@apache.org wrote:
>> Author: bnicholes
> 
> [..cut..]
> 
>>  
>> +        /* always default to LDAP V3 */
>> +        ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>> +
>>          /* set client certificates */
>>          if (!apr_is_empty_array(ldc->client_certs)) {
>>              apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
> 
> Just curious. Any particular reason why we sometimes use ldap_set_option and 
> sometimes
> apr_ldap_set_option in util_ldap.c?
> 
> Regards
> 
> Rüdige

No real good reason other than the calls to ldap_set_option() predate the existence of apr_ldap_set_option() and were never converted.  The reason why apr_ldap_set_option() was created was to abstract the differences in the way that starting TLS/SSL happened for each LDAP SDK.  Since ldap options such as LDAP_OPT_PROTOCOL_VERSION were common among all of the SDKs, there was just no compelling reason to convert the existing call.

Brad

Re: svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c

Posted by Ruediger Pluem <rp...@apache.org>.


On 01/20/2006 05:53 PM, bnicholes@apache.org wrote:
> Author: bnicholes

[..cut..]

>  
> +        /* always default to LDAP V3 */
> +        ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
> +
>          /* set client certificates */
>          if (!apr_is_empty_array(ldc->client_certs)) {
>              apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,

Just curious. Any particular reason why we sometimes use ldap_set_option and sometimes
apr_ldap_set_option in util_ldap.c?

Regards

Rüdiger