You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by David Hawes <dh...@vt.edu> on 2013/10/01 17:03:48 UTC

[users@httpd] 2.4 mod_ldap subgroup filter

When performing subgroup searches, an LDAP search with scope base is
issued on the DN of a group with a hard-coded filter of "cn=*". If the
group does not have a cn, the search will fail.

Since we simply want to get the group members, the default filter of
"objectClass=*" should be used.

A patch is attached that sets the filter to NULL, which defaults to
"objectClass=*".

Re: [users@httpd] 2.4 mod_ldap subgroup filter

Posted by Eric Covener <co...@gmail.com>.

thanks, committed to trunk and proposed for 2.4.x

On Tue, Oct 1, 2013 at 11:03 AM, David Hawes <dh...@vt.edu> wrote:
> When performing subgroup searches, an LDAP search with scope base is
> issued on the DN of a group with a hard-coded filter of "cn=*". If the
> group does not have a cn, the search will fail.
>
> Since we simply want to get the group members, the default filter of
> "objectClass=*" should be used.
>
> A patch is attached that sets the filter to NULL, which defaults to
> "objectClass=*".
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org