You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Christophe JAILLET <ch...@wanadoo.fr> on 2014/04/29 22:54:35 UTC
Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml
docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c
Hi,
doc does not build because of <SITENAME> below:
CJ
Le 25/04/2014 13:14, minfrin@apache.org a écrit :
> Author: minfrin
> Date: Fri Apr 25 11:14:36 2014
> New Revision: 1589993
>
> URL: http://svn.apache.org/r1589993
> Log:
> Add the ldap-search option to mod_authnz_ldap, allowing authorization
> to be based on arbitrary expressions that do not include the username.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/docs/manual/expr.xml
> httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml
> httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
>
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml?rev=1589993&r1=1589992&r2=1589993&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml Fri Apr 25 11:14:36 2014
> @@ -508,6 +514,28 @@ AuthLDAPMaxSubGroupDepth 1
>
> </section>
>
> +<section id="reqsearch"><title>Require ldap-search</title>
> +
> + <p>The <code>Require ldap-search</code> directive allows the
> + administrator to grant access based on a generic LDAP search filter using an
> + <a href="../expr.html">expression</a>. If there is exactly one match to the search filter,
> + regardless of the distinguished name, access is granted.</p>
> +
> + <p>The following directive would grant access to URLs that match the given objects in the
> + LDAP server:</p>
> +
> +<highlight language="config">
> +<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
^ There
> +Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
> +</LocationMatch>
> +</highlight>
> +
> + <p>Note: care must be taken to ensure that any expressions are properly escaped to guard
> + against LDAP injection. The <strong>ldap</strong> function can be used as per the example
> + above.</p>
> +
> +</section>
> +
> </section>
>
> <section id="examples"><title>Examples</title>
Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c
Posted by Christophe JAILLET <ch...@wanadoo.fr>.
Le 18/11/2023 à 20:52, Yann Ylavic a écrit :
> On Wed, Apr 30, 2014 at 1:02 AM Yann Ylavic <yl...@gmail.com> wrote:
>>
>> On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
>> <ch...@wanadoo.fr> wrote:
>>> Hi,
>>>
>>> doc does not build because of <SITENAME> below:
>>>
>>> CJ
>>>
>>> Le 25/04/2014 13:14, minfrin@apache.org a écrit :
>>>> +<highlight language="config">
>>>> +<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
>>>
>>> ^ There
>>>
>>
>> Hmm, won't LocationMatch itself be broken by the inner <>s ?
>
> Wow, fortunately I didn't hold my breath on this one :)
> Someone needs to answer to this former/younger/naive me though and
> since I'm on this commit again: look Yann, this match is double-quoted
> now so we should be fine!
>
In fact, at that time, another solution was provided in r1591113.
But what you propose above, should have worked as well, I guess. :).
CJ
Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Wed, Apr 30, 2014 at 1:02 AM Yann Ylavic <yl...@gmail.com> wrote:
>
> On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
> <ch...@wanadoo.fr> wrote:
> > Hi,
> >
> > doc does not build because of <SITENAME> below:
> >
> > CJ
> >
> > Le 25/04/2014 13:14, minfrin@apache.org a écrit :
> >> +<highlight language="config">
> >> +<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
> >
> > ^ There
> >
>
> Hmm, won't LocationMatch itself be broken by the inner <>s ?
Wow, fortunately I didn't hold my breath on this one :)
Someone needs to answer to this former/younger/naive me though and
since I'm on this commit again: look Yann, this match is double-quoted
now so we should be fine!
Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES
docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
<ch...@wanadoo.fr> wrote:
> Hi,
>
> doc does not build because of <SITENAME> below:
>
> CJ
>
> Le 25/04/2014 13:14, minfrin@apache.org a écrit :
>> +<highlight language="config">
>> +<LocationMatch ^/dav/(?<SITENAME>[^/]+)/>
>
> ^ There
>
Hmm, won't LocationMatch itself be broken by the inner <>s ?