You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bn...@apache.org on 2006/01/20 17:53:46 UTC
svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Author: bnicholes
Date: Fri Jan 20 08:53:43 2006
New Revision: 370856
URL: http://svn.apache.org/viewcvs?rev=370856&view=rev
Log:
Set the LDAP protocol before setting extended LDAP options. [PR38146]
Submitted by: Aaron Richton <richton nbcs.rutgers.edu>
Modified:
httpd/httpd/trunk/modules/ldap/util_ldap.c
Modified: httpd/httpd/trunk/modules/ldap/util_ldap.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/ldap/util_ldap.c?rev=370856&r1=370855&r2=370856&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ldap/util_ldap.c (original)
+++ httpd/httpd/trunk/modules/ldap/util_ldap.c Fri Jan 20 08:53:43 2006
@@ -264,6 +264,9 @@
return(result->rc);
}
+ /* always default to LDAP V3 */
+ ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+
/* set client certificates */
if (!apr_is_empty_array(ldc->client_certs)) {
apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
@@ -292,9 +295,6 @@
/* Set the alias dereferencing option */
ldap_set_option(ldc->ldap, LDAP_OPT_DEREF, &(ldc->deref));
-
- /* always default to LDAP V3 */
- ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
/*XXX All of the #ifdef's need to be removed once apr-util 1.2 is released */
#ifdef APR_LDAP_OPT_VERIFY_CERT
Re: svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 01/23/2006 04:52 AM, Brad Nicholes wrote:
>>>>On 1/21/2006 at 7:02 am, in message <43...@apache.org>,
>
> rpluem@apache.org wrote:
>>
>>Just curious. Any particular reason why we sometimes use ldap_set_option and
>>sometimes
>>apr_ldap_set_option in util_ldap.c?
>>
>
> No real good reason other than the calls to ldap_set_option() predate the existence of apr_ldap_set_option()
> and were never converted. The reason why apr_ldap_set_option() was created was to abstract the differences
> in the way that starting TLS/SSL happened for each LDAP SDK. Since ldap options such as LDAP_OPT_PROTOCOL_VERSION
> were common among all of the SDKs, there was just no compelling reason to convert the existing call.
>
Thanks for clarification. I already thought that something like that could be the reason :).
Regards
Rüdiger
Re: svn commit: r370856 -
/httpd/httpd/trunk/modules/ldap/util_ldap.c
Posted by Brad Nicholes <bn...@novell.com>.
>>> On 1/21/2006 at 7:02 am, in message <43...@apache.org>,
rpluem@apache.org wrote:
>
> On 01/20/2006 05:53 PM, bnicholes@apache.org wrote:
>> Author: bnicholes
>
> [..cut..]
>
>>
>> + /* always default to LDAP V3 */
>> + ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
>> +
>> /* set client certificates */
>> if (!apr_is_empty_array(ldc->client_certs)) {
>> apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
>
> Just curious. Any particular reason why we sometimes use ldap_set_option and
> sometimes
> apr_ldap_set_option in util_ldap.c?
>
> Regards
>
> Rüdige
No real good reason other than the calls to ldap_set_option() predate the existence of apr_ldap_set_option() and were never converted. The reason why apr_ldap_set_option() was created was to abstract the differences in the way that starting TLS/SSL happened for each LDAP SDK. Since ldap options such as LDAP_OPT_PROTOCOL_VERSION were common among all of the SDKs, there was just no compelling reason to convert the existing call.
Brad
Re: svn commit: r370856 - /httpd/httpd/trunk/modules/ldap/util_ldap.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 01/20/2006 05:53 PM, bnicholes@apache.org wrote:
> Author: bnicholes
[..cut..]
>
> + /* always default to LDAP V3 */
> + ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
> +
> /* set client certificates */
> if (!apr_is_empty_array(ldc->client_certs)) {
> apr_ldap_set_option(ldc->pool, ldc->ldap, APR_LDAP_OPT_TLS_CERT,
Just curious. Any particular reason why we sometimes use ldap_set_option and sometimes
apr_ldap_set_option in util_ldap.c?
Regards
Rüdiger