You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Christophe JAILLET <ch...@wanadoo.fr> on 2014/04/29 22:54:35 UTC

Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c

Hi,

doc does not build because of <SITENAME> below:

CJ

Le 25/04/2014 13:14, minfrin@apache.org a écrit :
> Author: minfrin
> Date: Fri Apr 25 11:14:36 2014
> New Revision: 1589993
>
> URL: http://svn.apache.org/r1589993
> Log:
> Add the ldap-search option to mod_authnz_ldap, allowing authorization
> to be based on arbitrary expressions that do not include the username.
>
> Modified:
>      httpd/httpd/trunk/CHANGES
>      httpd/httpd/trunk/docs/manual/expr.xml
>      httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml
>      httpd/httpd/trunk/modules/aaa/mod_authnz_ldap.c
>
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml?rev=1589993&r1=1589992&r2=1589993&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_authnz_ldap.xml Fri Apr 25 11:14:36 2014
> @@ -508,6 +514,28 @@ AuthLDAPMaxSubGroupDepth 1
>   
>   </section>
>   
> +<section id="reqsearch"><title>Require ldap-search</title>
> +
> +    <p>The <code>Require ldap-search</code> directive allows the
> +    administrator to grant access based on a generic LDAP search filter using an
> +    <a href="../expr.html">expression</a>. If there is exactly one match to the search filter,
> +    regardless of the distinguished name, access is granted.</p>
> +
> +    <p>The following directive would grant access to URLs that match the given objects in the
> +    LDAP server:</p>
> +
> +<highlight language="config">
> +&lt;LocationMatch ^/dav/(?<SITENAME>[^/]+)/&gt;
                                   ^ There
> +Require ldap-search (cn=%{ldap:%{unescape:%{env:MATCH_SITENAME}} Website)
> +&lt;/LocationMatch&gt;
> +</highlight>
> +
> +    <p>Note: care must be taken to ensure that any expressions are properly escaped to guard
> +    against LDAP injection. The <strong>ldap</strong> function can be used as per the example
> +    above.</p>
> +
> +</section>
> +
>   </section>
>   
>   <section id="examples"><title>Examples</title>

Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c

Posted by Christophe JAILLET <ch...@wanadoo.fr>.

Le 18/11/2023 à 20:52, Yann Ylavic a écrit :
> On Wed, Apr 30, 2014 at 1:02 AM Yann Ylavic <yl...@gmail.com> wrote:
>>
>> On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
>> <ch...@wanadoo.fr> wrote:
>>> Hi,
>>>
>>> doc does not build because of <SITENAME> below:
>>>
>>> CJ
>>>
>>> Le 25/04/2014 13:14, minfrin@apache.org a écrit :
>>>> +<highlight language="config">
>>>> +&lt;LocationMatch ^/dav/(?<SITENAME>[^/]+)/&gt;
>>>
>>>                                    ^ There
>>>
>>
>> Hmm, won't LocationMatch itself be broken by the inner <>s ?
> 
> Wow, fortunately I didn't hold my breath on this one :)
> Someone needs to answer to this former/younger/naive me though and
> since I'm on this commit again: look Yann, this match is double-quoted
> now so we should be fine!
> 

In fact, at that time, another solution was provided in r1591113.

But what you propose above, should have worked as well, I guess. :).

CJ

Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c

Posted by Yann Ylavic <yl...@gmail.com>.

On Wed, Apr 30, 2014 at 1:02 AM Yann Ylavic <yl...@gmail.com> wrote:
>
> On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
> <ch...@wanadoo.fr> wrote:
> > Hi,
> >
> > doc does not build because of <SITENAME> below:
> >
> > CJ
> >
> > Le 25/04/2014 13:14, minfrin@apache.org a écrit :
> >> +<highlight language="config">
> >> +&lt;LocationMatch ^/dav/(?<SITENAME>[^/]+)/&gt;
> >
> >                                   ^ There
> >
>
> Hmm, won't LocationMatch itself be broken by the inner <>s ?

Wow, fortunately I didn't hold my breath on this one :)
Someone needs to answer to this former/younger/naive me though and
since I'm on this commit again: look Yann, this match is double-quoted
now so we should be fine!

Re: svn commit: r1589993 - in /httpd/httpd/trunk: CHANGES docs/manual/expr.xml docs/manual/mod/mod_authnz_ldap.xml modules/aaa/mod_authnz_ldap.c

Posted by Yann Ylavic <yl...@gmail.com>.

On Tue, Apr 29, 2014 at 10:54 PM, Christophe JAILLET
<ch...@wanadoo.fr> wrote:
> Hi,
>
> doc does not build because of <SITENAME> below:
>
> CJ
>
> Le 25/04/2014 13:14, minfrin@apache.org a écrit :
>> +<highlight language="config">
>> +&lt;LocationMatch ^/dav/(?<SITENAME>[^/]+)/&gt;
>
>                                   ^ There
>

Hmm, won't LocationMatch itself be broken by the inner <>s ?