Posted to cvs@httpd.apache.org by Brad Nicholes <BN...@novell.com> on 2004/08/18 01:57:46 UTC

Re: cvs commit: httpd-2.0/modules/aaa NWGNUauthnzldap mod_authnz_ldap.c NWGNUmakefile

   This is the first attempt to restructure mod_auth_ldap to fit the new
authentication model.  There are a couple of things to note that I would
like some feedback on.  

1. The ldap_authn provider and ldap_authz handler exist in the same
module.  The reason for this is because both handlers depend on the same
set of directive values to provide the necessary information for
establishing a connection to the ldap server.  Rather than having to
redefine the AuthLDAPUrl, AuthLDAPBindDN and AuthLDAPBindPassword for
two different modules, it seemed to make more sense both from a module
perspective and a user interface perspective, to allow them to share the
directives.  

2. As a result of #1, this leaves the ldap_authz hook registered
whether it is ultimately being used or not.  Therefore simply
reimplementing the "require"  types "user" and "group" within the
ldap_authz handler would conflict with the same types in other authz
modules if loaded and configured in the same directory at the same time.
Therefore it seemed to make more sense to implement ldap-user and
ldap-group which more closely identifies what is happening during the
authorization phase anyway.  authnz_ldap is still capable of using
"valid-user", "group" or "user" if desired.

3. The directive "AuthLDAPFrontPageHack" has been removed.  The reason
for this hack was to allow authorization for frontpage to fall back on a
groupfile rather than the LDAP directory.  Now that authnz_ldap can be
configured to authorize via an authz_groupfile rather than forced to use
the directory, this directive didn't seem necessary anymore.

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

>>> bnicholes@apache.org Tuesday, August 17, 2004 5:33:08 PM >>>
bnicholes    2004/08/17 16:33:07

  Modified:    modules/aaa NWGNUmakefile
  Added:       modules/aaa NWGNUauthnzldap mod_authnz_ldap.c
  Log:
  Re-structure the auth_ldap module to fit the new authentication
model.  The authnz_ldap module provides an ldap authentication provider
and an authorization handler.  It implements the authorization "require"
values ldap-user, ldap-dn and ldap-group.  This restructure also moves
auth_ldap out of the experimental directory.
  
  Revision  Changes    Path
  1.3       +2 -0      httpd-2.0/modules/aaa/NWGNUmakefile
  
  Index: NWGNUmakefile
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/aaa/NWGNUmakefile,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- NWGNUmakefile	13 Sep 2002 21:34:27 -0000	1.2
  +++ NWGNUmakefile	17 Aug 2004 23:33:07 -0000	1.3
  @@ -158,9 +158,11 @@
   	$(OBJDIR)/authndbm.nlm \
   	$(OBJDIR)/authndef.nlm \
   	$(OBJDIR)/authnfil.nlm \
  +	$(OBJDIR)/authnzldap.nlm \
   	$(OBJDIR)/authzdbm.nlm \
   	$(OBJDIR)/authzdef.nlm \
   	$(OBJDIR)/authzgrp.nlm \
  +	$(OBJDIR)/authzusr.nlm \
   	$(OBJDIR)/authzusr.nlm \
   	$(EOLIST)
   
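Review bot: the second added line, `$(OBJDIR)/authzusr.nlm \`, duplicates the unchanged entry directly below it, so authzusr.nlm now appears twice in this target list. Only the `$(OBJDIR)/authnzldap.nlm \` addition is explained by the commit log; drop the duplicate, or if a different module was meant to be added here, name that one instead.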
  
  
  
  1.1                  httpd-2.0/modules/aaa/NWGNUauthnzldap
  
  Index: NWGNUauthnzldap
  ===================================================================
  #
  # Make sure all needed macro's are defined
  #
  
  #
  # Get the 'head' of the build environment if necessary.  This
includes default
  # targets and paths to tools
  #
  
  ifndef EnvironmentDefined
  include $(AP_WORK)\build\NWGNUhead.inc
  endif
  
  #
  # These directories will be at the beginning of the include list,
followed by
  # INCDIRS
  #
  XINCDIRS	+= \
  			$(AP_WORK)/include \
  			$(NWOS) \
  			$(AP_WORK)/srclib/apr/include \
  			$(AP_WORK)/srclib/apr-util/include \
  			$(AP_WORK)/srclib/apr \
  			$(EOLIST)
  
  #
  # These flags will come after CFLAGS
  #
  XCFLAGS		+= \
  			$(EOLIST)
  
  #
  # These defines will come after DEFINES
  #
  XDEFINES	+= \
  			$(EOLIST)
  
  #
  # These flags will be added to the link.opt file
  #
  XLFLAGS		+= \
  			$(EOLIST)
  
  #
  # These values will be appended to the correct variables based on the
value of
  # RELEASE
  #
  ifeq "$(RELEASE)" "debug"
  XINCDIRS	+= \
  			$(EOLIST)
  
  XCFLAGS		+= \
  			$(EOLIST)
  
  XDEFINES	+= \
  			$(EOLIST)
  
  XLFLAGS		+= \
  		   	$(EOLIST)
  endif
  
  ifeq "$(RELEASE)" "noopt"
  XINCDIRS	+= \
  			$(EOLIST)
  
  XCFLAGS		+= \
  			$(EOLIST)
  
  XDEFINES	+= \
  			$(EOLIST)
  
  XLFLAGS		+= \
  		   	$(EOLIST)
  endif
  
  ifeq "$(RELEASE)" "release"
  XINCDIRS	+= \
  			$(EOLIST)
  
  XCFLAGS		+= \
  			$(EOLIST)
  
  XDEFINES	+= \
  			$(EOLIST)
  
  XLFLAGS		+= \
  			$(EOLIST)
  endif
  
  #
  # These are used by the link target if an NLM is being generated
  # This is used by the link 'name' directive to name the nlm.  If left
blank
  # TARGET_nlm (see below) will be used.
  #
  NLM_NAME		= authnzldap
  
  #
  # This is used by the link '-desc ' directive. 
  # If left blank, NLM_NAME will be used.
  #
  NLM_DESCRIPTION	= Apache $(VERSION_STR) LDAP Authentication
Module
  
  #
  # This is used by the '-threadname' directive.  If left blank,
  # NLM_NAME Thread will be used.
  #
  NLM_THREAD_NAME	= AuthnzLDAP Module
  
  #
  # If this is specified, it will override VERSION value in 
  # $(AP_WORK)\build\NWGNUenvironment.inc
  #
  NLM_VERSION		=
  
  #
  # If this is specified, it will override the default of 64K
  #
  NLM_STACK_SIZE	= 8192
  
  
  #
  # If this is specified it will be used by the link '-entry'
directive
  #
  NLM_ENTRY_SYM	= _LibCPrelude
  
  #
  # If this is specified it will be used by the link '-exit' directive
  #
  NLM_EXIT_SYM	= _LibCPostlude
  
  #
  # If this is specified it will be used by the link '-check'
directive
  #
  NLM_CHECK_SYM	=
  
  #
  # If these are specified it will be used by the link '-flags'
directive
  #
  NLM_FLAGS		=  AUTOUNLOAD, PSEUDOPREEMPTION
  
  #
  # If this is specified it will be linked in with the XDCData option
in the def 
  # file instead of the default of $(NWOS)/apache.xdc.  XDCData can be
disabled
  # by setting APACHE_UNIPROC in the environment
  #
  XDCDATA         = 
  
  #
  # If there is an NLM target, put it here
  #
  TARGET_nlm = \
  	$(OBJDIR)/authnzldap.nlm \
  	$(EOLIST)
  
  #
  # If there is an LIB target, put it here
  #
  TARGET_lib = \
  	$(EOLIST)
  
  #
  # These are the OBJ files needed to create the NLM target above.
  # Paths must all use the '/' character
  #
  FILES_nlm_objs = \
  	$(OBJDIR)/mod_authnz_ldap.o \
  	$(EOLIST)
  
  #
  # These are the LIB files needed to create the NLM target above.
  # These will be added as a library command in the link.opt file.
  #
  FILES_nlm_libs = \
     	libcpre.o \
  	$(EOLIST)
  
  #
  # These are the modules that the above NLM target depends on to
load.
  # These will be added as a module command in the link.opt file.
  #
  FILES_nlm_modules = \
  	aprlib \
  	libc \
  	lldapsdk \
  	$(EOLIST)
  
  #
  # If the nlm has a msg file, put it's path here
  #
  FILE_nlm_msg =
   
  #
  # If the nlm has a hlp file put it's path here
  #
  FILE_nlm_hlp =
  
  #
  # If this is specified, it will override $(NWOS)\copyright.txt.
  #
  FILE_nlm_copyright =
  
  #
  # Any additional imports go here
  #
  FILES_nlm_Ximports = \
  	util_ldap_connection_find \
  	util_ldap_connection_close \
  	util_ldap_cache_checkuserid \
  	util_ldap_cache_compare \
  	util_ldap_cache_comparedn \
  	@$(APR)/aprlib.imp \
  	@$(NWOS)/httpd.imp \
  	@libc.imp \
  	@$(LDAPSDK)/imports/lldapsdk.imp \
  	$(EOLIST)
   
  #   
  # Any symbols exported to here
  #
  FILES_nlm_exports = \
  	authnz_ldap_module \
  	$(EOLIST)
  	
  #   
  # These are the OBJ files needed to create the LIB target above.
  # Paths must all use the '/' character
  #
  FILES_lib_objs = \
  		$(EOLIST)
  
  #
  # implement targets and dependancies (leave this section alone)
  #
  
  libs :: $(OBJDIR) $(TARGET_lib)
  
  nlms :: libs $(TARGET_nlm)
  
  #
  # Updated this target to create necessary directories and copy files
to the 
  # correct place.  (See $(AP_WORK)\build\NWGNUhead.inc for examples)
  #
  install :: nlms FORCE
  
  #
  # Any specialized rules here
  #
  
  #
  # Include the 'tail' makefile that has targets that depend on
variables defined
  # in this makefile
  #
  
  include $(AP_WORK)\build\NWGNUtail.inc
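
Review bot: FILES_nlm_Ximports pulls in five util_ldap_* symbols by name (util_ldap_connection_find through util_ldap_cache_comparedn), but FILES_nlm_modules lists only aprlib, libc and lldapsdk, so the NLM that exports those functions is not declared as a load dependency of authnzldap. Either add that module to FILES_nlm_modules or add a comment above the import list stating that it must already be loaded. Separately, NLM_DESCRIPTION reads "LDAP Authentication Module" while the commit log describes both an authentication provider and an authorization handler; the description could say so.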
  
  
  
  
  1.1                  httpd-2.0/modules/aaa/mod_authnz_ldap.c
  
  Index: mod_authnz_ldap.c
  ===================================================================